Examples with GCMParameterSpec javax.crypto.spec.GCMParameterSpec used on opensource projects

Search in sources :

Example 86 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project secure-quick-reliable-login by kalaspuffar.

the class SQRLStorage method decryptIdentityKeyQuickPass.

public boolean decryptIdentityKeyQuickPass(String password) {
    this.progressionUpdater.setMax(quickPassIterationCount);
    password = password.substring(0, this.getHintLength());
    try {
        byte[] key = EncryptionUtils.enSCryptIterations(password, quickPassRandomSalt, logNFactor, 32, quickPassIterationCount, this.progressionUpdater);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            Key keySpec = new SecretKeySpec(key, "AES");
            Cipher cipher = Cipher.getInstance("AES_256/GCM/NoPadding");
            GCMParameterSpec params = new GCMParameterSpec(128, quickPassInitializationVector);
            cipher.init(Cipher.DECRYPT_MODE, keySpec, params);
            cipher.update(quickPassKeyEncrypted);
            try {
                quickPassKey = cipher.doFinal(quickPassVerificationTag);
            } catch (AEADBadTagException badTag) {
                return false;
            }
        } else {
            byte[] emptyPlainText = new byte[0];
            this.quickPassKey = new byte[32];
            Grc_aesgcm.gcm_setkey(key, key.length);
            int res = Grc_aesgcm.gcm_auth_decrypt(quickPassInitializationVector, quickPassInitializationVector.length, emptyPlainText, emptyPlainText.length, quickPassKeyEncrypted, quickPassKey, quickPassKeyEncrypted.length, quickPassVerificationTag, quickPassVerificationTag.length);
            Grc_aesgcm.gcm_zero_ctx();
            if (res == 0x55555555)
                return false;
        }
    } catch (Exception e) {
        Log.e(SQRLStorage.TAG, e.getMessage(), e);
        return false;
    }
    return true;
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) AEADBadTagException(javax.crypto.AEADBadTagException) Key(java.security.Key) AEADBadTagException(javax.crypto.AEADBadTagException)

Example 87 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project secure-quick-reliable-login by kalaspuffar.

the class SQRLStorage method encryptIdentityKey.

/**
 * Encrypt the identity key, this has the master key used to login to sites and also the lock
 * key that we supply to the sites in order to lock at a later date if the master key ever
 * gets compromised.
 *
 * @param password          Password used to encrypt the master key.
 * @param entropyHarvester  Class to give us new random bits for encryption
 */
public boolean encryptIdentityKey(String password, EntropyHarvester entropyHarvester) {
    if (!this.hasKeys())
        return false;
    this.progressionUpdater.clear();
    if (!this.hasEncryptedKeys()) {
        this.setHintLength(4);
        this.setIdleTimeout(5);
        this.setPasswordVerify(5);
        this.optionFlags = 0x1f3;
        this.logNFactor = 9;
        this.identityPlaintextLength = 45;
        this.randomSalt = new byte[16];
        this.initializationVector = new byte[12];
        this.hasIdentityBlock = true;
        this.identityMasterKeyEncrypted = new byte[32];
        this.identityLockKeyEncrypted = new byte[32];
        this.identityVerificationTag = new byte[16];
    }
    try {
        entropyHarvester.fetchRandom(this.randomSalt);
        byte[] encResult = EncryptionUtils.enSCryptTime(password, randomSalt, logNFactor, 32, timeInSecondsToRunPWEnScryptOnPassword, this.progressionUpdater);
        this.iterationCount = getIntFromFourBytes(encResult, 0);
        byte[] key = Arrays.copyOfRange(encResult, 4, 36);
        byte[] identityKeys = EncryptionUtils.combine(identityMasterKey, identityLockKey);
        entropyHarvester.fetchRandom(this.initializationVector);
        this.updateIdentityPlaintext();
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            Key keySpec = new SecretKeySpec(key, "AES");
            Cipher cipher = Cipher.getInstance("AES_256/GCM/NoPadding");
            GCMParameterSpec params = new GCMParameterSpec(128, initializationVector);
            cipher.init(Cipher.ENCRYPT_MODE, keySpec, params);
            cipher.updateAAD(identityPlaintext);
            cipher.update(identityKeys);
            byte[] encryptionResult = cipher.doFinal();
            this.identityMasterKeyEncrypted = Arrays.copyOfRange(encryptionResult, 0, 32);
            this.identityLockKeyEncrypted = Arrays.copyOfRange(encryptionResult, 32, 64);
            this.identityVerificationTag = Arrays.copyOfRange(encryptionResult, 64, 80);
        } else {
            byte[] resultVerificationTag = new byte[16];
            byte[] encryptionResult = new byte[identityKeys.length];
            Grc_aesgcm.gcm_setkey(key, key.length);
            int res = Grc_aesgcm.gcm_encrypt_and_tag(initializationVector, initializationVector.length, identityPlaintext, identityPlaintextLength, identityKeys, encryptionResult, identityKeys.length, resultVerificationTag, resultVerificationTag.length);
            Grc_aesgcm.gcm_zero_ctx();
            if (res == 0x55555555)
                return false;
            this.identityMasterKeyEncrypted = Arrays.copyOfRange(encryptionResult, 0, 32);
            this.identityLockKeyEncrypted = Arrays.copyOfRange(encryptionResult, 32, 64);
            this.identityVerificationTag = resultVerificationTag;
        }
    } catch (Exception e) {
        Log.e(TAG, e.getMessage(), e);
        return false;
    }
    return true;
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) Key(java.security.Key) AEADBadTagException(javax.crypto.AEADBadTagException)

Example 88 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project secure-quick-reliable-login by kalaspuffar.

the class SQRLStorage method decryptIdentityKey.

/**
 * Decrypt the identity key using quickpass, this has the master key used to login to sites and also the lock
 * key that we supply to the sites in order to unlock at a later date if the master key ever
 * gets compromised.
 *
 * @param password  Password used to unlock the master key.
 */
public boolean decryptIdentityKey(String password) {
    this.progressionUpdater.setMax(iterationCount);
    try {
        byte[] key = EncryptionUtils.enSCryptIterations(password, randomSalt, logNFactor, 32, iterationCount, this.progressionUpdater);
        byte[] identityKeys = EncryptionUtils.combine(identityMasterKeyEncrypted, identityLockKeyEncrypted);
        byte[] decryptionResult = new byte[identityKeys.length];
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            Key keySpec = new SecretKeySpec(key, "AES");
            Cipher cipher = Cipher.getInstance("AES_256/GCM/NoPadding");
            GCMParameterSpec params = new GCMParameterSpec(128, initializationVector);
            cipher.init(Cipher.DECRYPT_MODE, keySpec, params);
            cipher.updateAAD(identityPlaintext);
            cipher.update(identityKeys);
            try {
                decryptionResult = cipher.doFinal(identityVerificationTag);
            } catch (AEADBadTagException badTag) {
                return false;
            }
        } else {
            Grc_aesgcm.gcm_setkey(key, key.length);
            int res = Grc_aesgcm.gcm_auth_decrypt(initializationVector, initializationVector.length, identityPlaintext, identityPlaintextLength, identityKeys, decryptionResult, identityKeys.length, identityVerificationTag, identityVerificationTag.length);
            Grc_aesgcm.gcm_zero_ctx();
            if (res == 0x55555555)
                return false;
        }
        identityMasterKey = Arrays.copyOfRange(decryptionResult, 0, 32);
        identityLockKey = Arrays.copyOfRange(decryptionResult, 32, 64);
        if (hasPreviousBlock) {
            return decryptPreviousBlock();
        }
    } catch (Exception e) {
        Log.e(SQRLStorage.TAG, e.getMessage(), e);
        return false;
    }
    return true;
}
Also used : SecretKeySpec(javax.crypto.spec.SecretKeySpec) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) AEADBadTagException(javax.crypto.AEADBadTagException) Key(java.security.Key) AEADBadTagException(javax.crypto.AEADBadTagException)

Example 89 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project keywhiz by square.

the class GCMEncryptor method gcm.

private byte[] gcm(boolean encrypt, byte[] input, byte[] nonce) throws AEADBadTagException {
    try {
        Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
        SecretKey secretKey = new SecretKeySpec(key, KEY_ALGORITHM);
        GCMParameterSpec gcmParameters = new GCMParameterSpec(TAG_BITS, nonce);
        cipher.init(encrypt ? ENCRYPT_MODE : DECRYPT_MODE, secretKey, gcmParameters);
        return cipher.doFinal(input);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | BadPaddingException | IllegalBlockSizeException | InvalidAlgorithmParameterException | InvalidKeyException e) {
        Throwables.propagateIfInstanceOf(e, AEADBadTagException.class);
        throw Throwables.propagate(e);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) AEADBadTagException(javax.crypto.AEADBadTagException)

Example 90 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project Signal-Android by signalapp.

the class KeyStoreHelper method unseal.

@RequiresApi(Build.VERSION_CODES.M)
public static byte[] unseal(@NonNull SealedData sealedData) {
    SecretKey secretKey = getKeyStoreEntry();
    try {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(128, sealedData.iv));
        return cipher.doFinal(sealedData.data);
    } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
        throw new AssertionError(e);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) IllegalBlockSizeException(javax.crypto.IllegalBlockSizeException) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) BadPaddingException(javax.crypto.BadPaddingException) InvalidKeyException(java.security.InvalidKeyException) RequiresApi(androidx.annotation.RequiresApi)

Aggregations

GCMParameterSpec (javax.crypto.spec.GCMParameterSpec)101 Cipher (javax.crypto.Cipher)71 SecretKeySpec (javax.crypto.spec.SecretKeySpec)46 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)35 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)32 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)31 InvalidKeyException (java.security.InvalidKeyException)30 BadPaddingException (javax.crypto.BadPaddingException)29 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)29 SecretKey (javax.crypto.SecretKey)21 GeneralSecurityException (java.security.GeneralSecurityException)12 AEADBadTagException (javax.crypto.AEADBadTagException)12 Key (java.security.Key)11 ByteBuffer (java.nio.ByteBuffer)7 IOException (java.io.IOException)6 Test (org.junit.Test)6 ExcludedTest (com.google.security.wycheproof.WycheproofRunner.ExcludedTest)5 NoPresubmitTest (com.google.security.wycheproof.WycheproofRunner.NoPresubmitTest)5 SlowTest (com.google.security.wycheproof.WycheproofRunner.SlowTest)5 FileNotFoundException (java.io.FileNotFoundException)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial