use of com.google.crypto.tink.Aead in project tink by google.
the class KmsEnvelopeAead method encrypt.
/**
 * Envelope-encrypts {@code plaintext}: a fresh data-encryption key (DEK) is generated, wrapped
 * by the {@code remote} AEAD, and used locally to encrypt the payload.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@code associatedData} is authenticated only by the DEK-level AEAD. The DEK itself is
 *       wrapped with {@code EMPTY_AAD}, so the wrapped DEK is not bound to the caller's context
 *       at the {@code remote} layer.
 *   <li>The serialized DEK is held in a plain {@code byte[]} and is not cleared in this method.
 * </ul>
 *
 * @param plaintext data to protect
 * @param associatedData data to authenticate together with the payload (not encrypted)
 * @return the value produced by {@code buildCiphertext} from the wrapped DEK and the payload
 * @throws GeneralSecurityException if key generation, wrapping or payload encryption fails
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException {
  // One new DEK per call, created from the configured template.
  final byte[] freshDek = Registry.newKey(dekTemplate).toByteArray();

  // Wrapping happens first, so a failure at the remote AEAD aborts before any payload is produced.
  final byte[] wrappedDek = remote.encrypt(freshDek, EMPTY_AAD);

  // The payload is encrypted locally under the DEK; the caller's associated data is bound here.
  final Aead dekAead = Registry.getPrimitive(dekTemplate.getTypeUrl(), freshDek);

  // Serialize wrapped DEK and payload into the output format.
  return buildCiphertext(wrappedDek, dekAead.encrypt(plaintext, associatedData));
}
use of com.google.crypto.tink.Aead in project tink by google.
the class KmsEnvelopeAead method decrypt.
/**
 * Decrypts an envelope ciphertext: parses the length-prefixed wrapped DEK, unwraps it with the
 * {@code remote} AEAD, then decrypts the remaining payload with the recovered DEK.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The leading length field comes from the (untrusted) ciphertext. It is range-checked
 *       against the input length before it is used to size an array.
 *   <li>Every parse failure is reported with the same {@code "invalid ciphertext"} message.
 *   <li>The wrapped DEK is passed to {@code remote.decrypt} before any integrity check of the
 *       payload, so a malformed input can still cause one call to the {@code remote} AEAD.
 *       NOTE(review): if {@code remote} is a network KMS, confirm quota and logging cover this.
 *   <li>{@code associatedData} is verified by the DEK-level AEAD only; the DEK is unwrapped with
 *       {@code EMPTY_AAD}.
 * </ul>
 *
 * @param ciphertext envelope ciphertext to parse and decrypt
 * @param associatedData associated data that was supplied at encryption time
 * @return the decrypted payload
 * @throws GeneralSecurityException if the ciphertext is malformed or any decryption step fails
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException {
  try {
    final ByteBuffer in = ByteBuffer.wrap(ciphertext);

    // Length prefix of the wrapped DEK, read with ByteBuffer's default byte order.
    final int wrappedDekLen = in.getInt();
    final boolean lenInRange =
        wrappedDekLen > 0 && wrappedDekLen <= (ciphertext.length - LENGTH_ENCRYPTED_DEK);
    if (!lenInRange) {
      throw new GeneralSecurityException("invalid ciphertext");
    }

    // Split the remainder into the wrapped DEK and the DEK-encrypted payload.
    final byte[] wrappedDek = new byte[wrappedDekLen];
    in.get(wrappedDek);
    final byte[] payload = new byte[in.remaining()];
    in.get(payload);

    // Unwrap the DEK with the remote AEAD.
    final byte[] dek = remote.decrypt(wrappedDek, EMPTY_AAD);

    // Decrypt and authenticate the payload, together with associatedData, under the DEK.
    final Aead dekAead = Registry.getPrimitive(dekTemplate.getTypeUrl(), dek);
    return dekAead.decrypt(payload, associatedData);
  } catch (IndexOutOfBoundsException | BufferUnderflowException | NegativeArraySizeException e) {
    // Parsing errors are surfaced as the same generic failure as the explicit range check.
    throw new GeneralSecurityException("invalid ciphertext", e);
  }
}
use of com.google.crypto.tink.Aead in project tink by google.
the class KmsEnvelopeAeadKeyManager method getPrimitive.
/**
 * Creates a {@code KmsEnvelopeAead} from a {@code KmsEnvelopeAeadKey} proto.
 *
 * <p>The KEK URI is read from the key proto and used both to select a {@code KmsClient} via
 * {@code KmsClients.get} and to obtain the remote AEAD from that client. The key material
 * therefore decides which KMS key will wrap the DEKs.
 * NOTE(review): {@code validate} is not visible here; confirm what it checks on the KEK URI
 * and the DEK template before accepting keysets from less trusted sources.
 *
 * @param key {@code KmsEnvelopeAeadKey} proto
 * @return an envelope AEAD using the proto's DEK template and the remote AEAD for its KEK URI
 * @throws GeneralSecurityException if {@code key} is not a {@code KmsEnvelopeAeadKey}; the
 *     validation and KMS lookup calls may presumably throw it as well
 */
@Override
public Aead getPrimitive(MessageLite key) throws GeneralSecurityException {
  if (key instanceof KmsEnvelopeAeadKey) {
    final KmsEnvelopeAeadKey envelopeKey = (KmsEnvelopeAeadKey) key;
    validate(envelopeKey);

    // The same URI selects the client and names the key-encryption key inside it.
    final String kekUri = envelopeKey.getParams().getKekUri();
    final Aead kekAead = KmsClients.get(kekUri).getAead(kekUri);

    return new KmsEnvelopeAead(envelopeKey.getParams().getDekTemplate(), kekAead);
  }
  // Reject any other message type (including null) instead of casting blindly.
  throw new GeneralSecurityException("expected KmsEnvelopeAeadKey proto");
}
use of com.google.crypto.tink.Aead in project tink by google.
the class EciesAeadHkdfHybridEncrypt method encrypt.
/**
 * Hybrid-encrypts {@code plaintext}. {@code contextInfo} is passed to the sender KEM as the
 * <b>info</b>-parameter of the underlying HKDF.
 *
 * <p>Note that {@code contextInfo} enters only through key derivation: the symmetric AEAD is
 * called with {@code EMPTY_AAD}, so the context is bound to the ciphertext via the derived key
 * rather than via AEAD associated data.
 *
 * @param plaintext data to encrypt
 * @param contextInfo context value fed into the KEM key derivation
 * @return resulting ciphertext: the KEM bytes followed by the AEAD ciphertext.
 * @throws GeneralSecurityException if key encapsulation or symmetric encryption fails
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo) throws GeneralSecurityException {
  // KEM step: produces the KEM bytes and a symmetric key of the size the DEM expects.
  final int demKeySize = demHelper.getSymmetricKeySizeInBytes();
  final EciesHkdfSenderKem.KemKey encapsulated =
      senderKem.generateKey(hkdfHmacAlgo, hkdfSalt, contextInfo, demKeySize, ecPointFormat);

  // DEM step: encrypt under the derived symmetric key, with no associated data.
  final Aead dem = demHelper.getAead(encapsulated.getSymmetricKey());
  final byte[] demCiphertext = dem.encrypt(plaintext, EMPTY_AAD);

  // Output layout: KEM bytes || DEM ciphertext.
  final byte[] kemHeader = encapsulated.getKemBytes();
  final ByteBuffer out = ByteBuffer.allocate(kemHeader.length + demCiphertext.length);
  out.put(kemHeader);
  out.put(demCiphertext);
  return out.array();
}
use of com.google.crypto.tink.Aead in project tink by google.
the class AesEaxKeyManagerTest method testCiphertextSize.
/**
 * Checks the ciphertext length produced for an AES-EAX key with the TINK output prefix:
 * prefix + IV + plaintext + tag.
 */
@Test
public void testCiphertextSize() throws Exception {
  // Sizes in bytes, as labelled in the expected-length sum.
  final int ivSize = 16;
  final int tagSize = 16;

  byte[] rawKey = Random.randBytes(AES_KEY_SIZE);
  // NOTE(review): the literal 16 passed to createAesEaxKeyData is presumably the IV size.
  KeysetHandle handle =
      TestUtil.createKeysetHandle(
          TestUtil.createKeyset(
              TestUtil.createKey(
                  TestUtil.createAesEaxKeyData(rawKey, 16),
                  42,
                  KeyStatusType.ENABLED,
                  OutputPrefixType.TINK)));
  Aead primitive = AeadFactory.getPrimitive(handle);

  byte[] plaintext = "plaintext".getBytes("UTF-8");
  byte[] associatedData = "associatedData".getBytes("UTF-8");
  byte[] ciphertext = primitive.encrypt(plaintext, associatedData);

  // Associated data is authenticated but does not contribute to the expected length.
  int expectedSize = CryptoFormat.NON_RAW_PREFIX_SIZE + ivSize + plaintext.length + tagSize;
  assertEquals(expectedSize, ciphertext.length);
}