Example 46 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class RsaKemHybridDecrypt method decrypt.
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo) throws GeneralSecurityException {
int modSizeInBytes = RsaKem.bigIntSizeInBytes(recipientPrivateKey.getModulus());
if (ciphertext.length < modSizeInBytes) {
throw new GeneralSecurityException(String.format("Ciphertext must be of at least size %d bytes, but got %d", modSizeInBytes, ciphertext.length));
}
// Decrypt the token to obtain the raw shared secret.
ByteBuffer cipherBuffer = ByteBuffer.wrap(ciphertext);
byte[] token = new byte[modSizeInBytes];
cipherBuffer.get(token);
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/NoPadding");
rsaCipher.init(Cipher.DECRYPT_MODE, recipientPrivateKey);
byte[] sharedSecret = rsaCipher.doFinal(token);
// KDF: derive a DEM key from the shared secret, salt, and contextInfo.
byte[] demKey = Hkdf.computeHkdf(hkdfHmacAlgo, sharedSecret, hkdfSalt, contextInfo, aeadFactory.getKeySizeInBytes());
// DEM: decrypt the payload.
Aead aead = aeadFactory.createAead(demKey);
byte[] demPayload = new byte[cipherBuffer.remaining()];
cipherBuffer.get(demPayload);
return aead.decrypt(demPayload, RsaKem.EMPTY_AAD);
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
Aead(com.google.crypto.tink.Aead)
Cipher(javax.crypto.Cipher)
ByteBuffer(java.nio.ByteBuffer)
Example 47 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class RsaKemHybridEncrypt method encrypt.
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo) throws GeneralSecurityException {
// KEM: generate a random shared secret whose bit length is equal to the modulus'.
BigInteger mod = recipientPublicKey.getModulus();
byte[] sharedSecret = RsaKem.generateSecret(mod);
// KEM: encrypt the shared secret using the public key.
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/NoPadding");
rsaCipher.init(Cipher.ENCRYPT_MODE, recipientPublicKey);
byte[] token = rsaCipher.doFinal(sharedSecret);
// KDF: derive a DEM key from the shared secret, salt, and contextInfo.
byte[] demKey = Hkdf.computeHkdf(hkdfHmacAlgo, sharedSecret, hkdfSalt, contextInfo, aeadFactory.getKeySizeInBytes());
Aead aead = aeadFactory.createAead(demKey);
byte[] ciphertext = aead.encrypt(plaintext, RsaKem.EMPTY_AAD);
return ByteBuffer.allocate(token.length + ciphertext.length).put(token).put(ciphertext).array();
}
Also used :
Aead(com.google.crypto.tink.Aead)
BigInteger(java.math.BigInteger)
Cipher(javax.crypto.Cipher)
Example 48 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadThreadSafetyTest method testAesCtrHmac.
@Test
public void testAesCtrHmac() throws Exception {
byte[] key = Random.randBytes(16);
byte[] macKey = Random.randBytes(32);
int ivSize = 12;
int macSize = 12;
IndCpaCipher cipher = new AesCtrJceCipher(key, ivSize);
SecretKeySpec keySpec = new SecretKeySpec(macKey, "HMAC");
Mac mac = new PrfMac(new PrfHmacJce("HMACSHA256", keySpec), macSize);
// TODO(b/148134669): Remove the following line.
// There is a potential (but unlikely) race in java.security.Provider. Since AesCtrHmac
// encryption creates a cipher for the first time in
// http://google3/third_party/tink/java_src/src/main/java/com/google/crypto/tink/subtle/AesCtrJceCipher.java?l=128&rcl=272896379
// if we do this multithreaded, there is a potential for a race in case we call encrypt
// for the first time at the same time in multiple threads. To get around this, we first encrypt
// an empty plaintext here.
cipher.encrypt(new byte[0]);
Aead aesCtrHmac = new EncryptThenAuthenticate(cipher, mac, macSize);
testEncryptionDecryption(aesCtrHmac, 5, 128, 20);
}
Also used :
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Aead(com.google.crypto.tink.Aead)
Mac(com.google.crypto.tink.Mac)
Test(org.junit.Test)
Example 49 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadThreadSafetyTest method testChaChaPoly1305.
@Test
public void testChaChaPoly1305() throws Exception {
byte[] key = Random.randBytes(32);
Aead cipher = new ChaCha20Poly1305(key);
testEncryptionDecryption(cipher, 5, 128, 20);
}Example 50 with Aead
use of com.google.crypto.tink.Aead in project tink by google.
the class ChaCha20Poly1305Test method testDecryptThrowsGeneralSecurityExpWhenCiphertextIsTooShort.
@Test
public void testDecryptThrowsGeneralSecurityExpWhenCiphertextIsTooShort() throws GeneralSecurityException {
Assume.assumeFalse(TinkFips.useOnlyFips());
Aead cipher = createInstance(new byte[KEY_SIZE]);
GeneralSecurityException e = assertThrows(GeneralSecurityException.class, () -> cipher.decrypt(new byte[27], new byte[1]));
assertThat(e).hasMessageThat().containsMatch("ciphertext too short");
}
Also used :
GeneralSecurityException(java.security.GeneralSecurityException)
Aead(com.google.crypto.tink.Aead)
Test(org.junit.Test)
Aggregations
Aead (com.google.crypto.tink.Aead)84
Test (org.junit.Test)67
GeneralSecurityException (java.security.GeneralSecurityException)25
KeysetHandle (com.google.crypto.tink.KeysetHandle)21
Key (com.google.crypto.tink.proto.Keyset.Key)9
CleartextKeysetHandle (com.google.crypto.tink.CleartextKeysetHandle)7
IOException (java.io.IOException)7
EncryptRequest (com.amazonaws.services.kms.model.EncryptRequest)6
KeyTemplate (com.google.crypto.tink.KeyTemplate)6
ByteString (com.google.protobuf.ByteString)6
DecryptRequest (com.amazonaws.services.kms.model.DecryptRequest)5
EncryptResult (com.amazonaws.services.kms.model.EncryptResult)5
KmsEnvelopeAeadKey (com.google.crypto.tink.proto.KmsEnvelopeAeadKey)5
File (java.io.File)5
FileOutputStream (java.io.FileOutputStream)5
DecryptResult (com.amazonaws.services.kms.model.DecryptResult)4
InvalidProtocolBufferException (com.google.protobuf.InvalidProtocolBufferException)4
ByteBuffer (java.nio.ByteBuffer)4
AesEaxKey (com.google.crypto.tink.proto.AesEaxKey)3
AesGcmKey (com.google.crypto.tink.proto.AesGcmKey)3
