use of com.google.crypto.tink.Aead in project tink by google.
the class RsaKemHybridDecrypt method decrypt.
/**
 * Decrypts an RSA-KEM hybrid ciphertext laid out as {@code kemToken || demCiphertext}.
 *
 * <p>The leading modulus-sized bytes are raw-RSA decrypted into the shared secret. That secret,
 * the configured salt and {@code contextInfo} are passed to {@code Hkdf.computeHkdf} to derive
 * the DEM key, and the remaining bytes are opened with the AEAD built from that key.
 *
 * <p>{@code contextInfo} enters only through the key derivation; the AEAD is called with
 * {@code RsaKem.EMPTY_AAD}. A caller that passes a different {@code contextInfo} than the sender
 * therefore derives a different DEM key.
 *
 * @param ciphertext KEM token followed by the DEM ciphertext
 * @param contextInfo context value mixed into the key derivation
 * @return whatever the AEAD returns for the DEM ciphertext
 * @throws GeneralSecurityException if {@code ciphertext} is shorter than the RSA modulus; errors
 *     from the RSA, HKDF and AEAD calls presumably propagate under this type as well
 */
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] contextInfo) throws GeneralSecurityException {
  final int kemTokenLength = RsaKem.bigIntSizeInBytes(recipientPrivateKey.getModulus());
  // Only a lower bound is enforced: an input of exactly kemTokenLength bytes passes and leaves an
  // empty DEM ciphertext, whose rejection is left to the AEAD.
  if (ciphertext.length < kemTokenLength) {
    throw new GeneralSecurityException(String.format("Ciphertext must be of at least size %d bytes, but got %d", kemTokenLength, ciphertext.length));
  }

  // Split the input into the fixed-size KEM token and the variable-size DEM ciphertext.
  final ByteBuffer input = ByteBuffer.wrap(ciphertext);
  final byte[] kemToken = new byte[kemTokenLength];
  input.get(kemToken);
  final byte[] demCiphertext = new byte[input.remaining()];
  input.get(demCiphertext);

  // KEM: recover the raw shared secret. Unpadded RSA is used on purpose here; the recovered value
  // is never returned, only fed to the KDF.
  // NOTE(review): the token is attacker-controlled, so rejection of tampered input rests on the
  // AEAD check below — confirm the AEAD factory only yields authenticated ciphers.
  final Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding");
  rsa.init(Cipher.DECRYPT_MODE, recipientPrivateKey);
  final byte[] kemSecret = rsa.doFinal(kemToken);

  // KDF: turn the shared secret, salt and contextInfo into a DEM key of the size the factory wants.
  // NOTE(review): kemSecret and derivedKey stay in heap arrays and are not wiped after use.
  final int demKeyLength = aeadFactory.getKeySizeInBytes();
  final byte[] derivedKey = Hkdf.computeHkdf(hkdfHmacAlgo, kemSecret, hkdfSalt, contextInfo, demKeyLength);

  // DEM: open the payload with the derived key.
  final Aead dem = aeadFactory.createAead(derivedKey);
  return dem.decrypt(demCiphertext, RsaKem.EMPTY_AAD);
}
use of com.google.crypto.tink.Aead in project tink by google.
the class RsaKemHybridEncrypt method encrypt.
/**
 * Encrypts {@code plaintext} with RSA-KEM hybrid encryption and returns
 * {@code kemToken || demCiphertext}.
 *
 * <p>A fresh shared secret is obtained from {@code RsaKem.generateSecret}, raw-RSA encrypted to
 * the recipient's public key, and also passed with the configured salt and {@code contextInfo}
 * to {@code Hkdf.computeHkdf} to derive the DEM key used by the AEAD.
 *
 * <p>{@code contextInfo} enters only through the key derivation; the AEAD is called with
 * {@code RsaKem.EMPTY_AAD}.
 *
 * @param plaintext data to protect
 * @param contextInfo context value mixed into the key derivation
 * @return the RSA-encrypted token followed by the AEAD ciphertext
 * @throws GeneralSecurityException presumably raised by the RSA, HKDF or AEAD calls on failure
 */
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] contextInfo) throws GeneralSecurityException {
  // KEM: generate a random shared secret whose bit length is equal to the modulus'.
  // NOTE(review): unpadded RSA below is only sound if generateSecret returns a fresh random value
  // below the modulus from a cryptographic RNG — confirm in RsaKem.
  final byte[] kemSecret = RsaKem.generateSecret(recipientPublicKey.getModulus());

  // KEM: encrypt the shared secret using the public key.
  final Cipher rsa = Cipher.getInstance("RSA/ECB/NoPadding");
  rsa.init(Cipher.ENCRYPT_MODE, recipientPublicKey);
  final byte[] kemToken = rsa.doFinal(kemSecret);

  // KDF: derive a DEM key from the shared secret, salt, and contextInfo.
  final int demKeyLength = aeadFactory.getKeySizeInBytes();
  final byte[] derivedKey = Hkdf.computeHkdf(hkdfHmacAlgo, kemSecret, hkdfSalt, contextInfo, demKeyLength);

  // DEM: seal the payload with the derived key.
  final Aead dem = aeadFactory.createAead(derivedKey);
  final byte[] demCiphertext = dem.encrypt(plaintext, RsaKem.EMPTY_AAD);

  // Output layout: KEM token first, DEM ciphertext after it.
  final ByteBuffer output = ByteBuffer.allocate(kemToken.length + demCiphertext.length);
  output.put(kemToken);
  output.put(demCiphertext);
  return output.array();
}
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadThreadSafetyTest method testAesCtrHmac.
/**
 * Runs the shared encryption/decryption thread-safety check against an AES-CTR + HMAC-SHA256
 * encrypt-then-authenticate AEAD built from random keys.
 *
 * <p>The AEAD uses a 16-byte AES key, a 32-byte HMAC key, a 12-byte IV size and a 12-byte tag
 * size, the last one passed to both {@code PrfMac} and {@code EncryptThenAuthenticate}.
 */
@Test
public void testAesCtrHmac() throws Exception {
  final byte[] aesKey = Random.randBytes(16);
  final byte[] hmacKey = Random.randBytes(32);
  final int ivLengthBytes = 12;
  final int tagLengthBytes = 12;

  final IndCpaCipher ctrCipher = new AesCtrJceCipher(aesKey, ivLengthBytes);
  final Mac truncatedHmac = new PrfMac(new PrfHmacJce("HMACSHA256", new SecretKeySpec(hmacKey, "HMAC")), tagLengthBytes);

  // TODO(b/148134669): Remove the warm-up call below.
  // java.security.Provider has a potential (but unlikely) race. AesCtrHmac encryption creates
  // its cipher lazily on first use, see
  // http://google3/third_party/tink/java_src/src/main/java/com/google/crypto/tink/subtle/AesCtrJceCipher.java?l=128&rcl=272896379
  // so several threads making their first encrypt call at the same moment could hit that race.
  // Encrypting an empty plaintext once, single-threaded, sidesteps it.
  ctrCipher.encrypt(new byte[0]);

  final Aead aead = new EncryptThenAuthenticate(ctrCipher, truncatedHmac, tagLengthBytes);
  testEncryptionDecryption(aead, 5, 128, 20);
}
use of com.google.crypto.tink.Aead in project tink by google.
the class AeadThreadSafetyTest method testChaChaPoly1305.
/**
 * Runs the shared encryption/decryption thread-safety check against a ChaCha20-Poly1305 AEAD
 * keyed with 32 random bytes.
 */
@Test
public void testChaChaPoly1305() throws Exception {
  final byte[] randomKey = Random.randBytes(32);
  final Aead chaChaAead = new ChaCha20Poly1305(randomKey);
  // Same arguments as the other primitives in this test class.
  testEncryptionDecryption(chaChaAead, 5, 128, 20);
}
use of com.google.crypto.tink.Aead in project tink by google.
the class ChaCha20Poly1305Test method testDecryptThrowsGeneralSecurityExpWhenCiphertextIsTooShort.
/**
 * Checks that decrypting a 27-byte input fails with a {@link GeneralSecurityException} whose
 * message matches "ciphertext too short".
 *
 * <p>The test is skipped when {@code TinkFips.useOnlyFips()} reports FIPS-only mode.
 */
@Test
public void testDecryptThrowsGeneralSecurityExpWhenCiphertextIsTooShort() throws GeneralSecurityException {
  Assume.assumeFalse(TinkFips.useOnlyFips());

  // An all-zero key is enough: the call is expected to fail on length, before any key use matters.
  final Aead aead = createInstance(new byte[KEY_SIZE]);

  // NOTE(review): 27 is presumably one byte below the minimum of nonce (12) + tag (16) — confirm
  // against the implementation under test.
  final byte[] truncatedCiphertext = new byte[27];
  final byte[] associatedData = new byte[1];

  final GeneralSecurityException thrown =
      assertThrows(GeneralSecurityException.class, () -> aead.decrypt(truncatedCiphertext, associatedData));
  assertThat(thrown).hasMessageThat().containsMatch("ciphertext too short");
}