Search in sources :

Example 6 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project android_frameworks_base by AOSPA.

the class LockSettingsService method getDecryptedPasswordForTiedProfile.

private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
    if (DEBUG)
        Slog.v(TAG, "Get child profile decrytped key");
    byte[] storedData = mStorage.readChildProfileLock(userId);
    if (storedData == null) {
        throw new FileNotFoundException("Child profile lock file not found");
    }
    byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
    byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
    byte[] decryptionResult;
    java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
    Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
    decryptionResult = cipher.doFinal(encryptedPassword);
    return new String(decryptionResult, StandardCharsets.UTF_8);
}
Also used : SecretKey(javax.crypto.SecretKey) FileNotFoundException(java.io.FileNotFoundException) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)

Example 7 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project android_frameworks_base by ResurrectionRemix.

the class LockSettingsService method getDecryptedPasswordForTiedProfile.

private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
    if (DEBUG)
        Slog.v(TAG, "Get child profile decrytped key");
    byte[] storedData = mStorage.readChildProfileLock(userId);
    if (storedData == null) {
        throw new FileNotFoundException("Child profile lock file not found");
    }
    byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
    byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
    byte[] decryptionResult;
    java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
    Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
    decryptionResult = cipher.doFinal(encryptedPassword);
    return new String(decryptionResult, StandardCharsets.UTF_8);
}
Also used : SecretKey(javax.crypto.SecretKey) FileNotFoundException(java.io.FileNotFoundException) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)

Example 8 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project jdk8u_jdk by JetBrains.

the class CipherBox method createExplicitNonce.

/*
     * Creates the explicit nonce/IV to this cipher. This method is used to
     * encrypt an SSL/TLS output record.
     *
     * The size of the returned array is the SecurityParameters.record_iv_length
     * in RFC 4346/5246.  It is the size of explicit IV for CBC mode, and the
     * size of explicit nonce for AEAD mode.
     *
     * @param  authenticator the authenticator to get the additional
     *         authentication data
     * @param  contentType the content type of the input record
     * @param  fragmentLength the fragment length of the output record, it is
     *         the TLSCompressed.length in RFC 4346/5246.
     *
     * @return the explicit nonce of the cipher.
     */
byte[] createExplicitNonce(Authenticator authenticator, byte contentType, int fragmentLength) {
    byte[] nonce = new byte[0];
    switch(cipherType) {
        case BLOCK_CIPHER:
            if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
                // For block ciphers, the explicit IV length is of length
                // SecurityParameters.record_iv_length, which is equal to
                // the SecurityParameters.block_size.
                //
                // Generate a random number as the explicit IV parameter.
                nonce = new byte[cipher.getBlockSize()];
                random.nextBytes(nonce);
            }
            break;
        case AEAD_CIPHER:
            // To be unique and aware of overflow-wrap, sequence number
            // is used as the nonce_explicit of AEAD cipher suites.
            nonce = authenticator.sequenceNumber();
            // initialize the AEAD cipher for the unique IV
            byte[] iv = Arrays.copyOf(fixedIv, fixedIv.length + nonce.length);
            System.arraycopy(nonce, 0, iv, fixedIv.length, nonce.length);
            GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
            try {
                cipher.init(mode, key, spec, random);
            } catch (InvalidKeyException | InvalidAlgorithmParameterException ikae) {
                // unlikely to happen
                throw new RuntimeException("invalid key or spec in GCM mode", ikae);
            }
            // update the additional authentication data
            byte[] aad = authenticator.acquireAuthenticationBytes(contentType, fragmentLength);
            cipher.updateAAD(aad);
            break;
    }
    return nonce;
}
Also used : GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)

Example 9 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project jdk8u_jdk by JetBrains.

the class GCMParameterSpecTest method doTest.

/*
     * Run the test:
     *   - check if result of encryption of plain text is the same
     *     when parameters constructed with different GCMParameterSpec
     *     constructors are used
     *   - check if GCMParameterSpec.getTLen() is equal to actual tag length
     *   - check if ciphertext has the same length as plaintext
     */
private boolean doTest() throws Exception {
    GCMParameterSpec spec1 = new GCMParameterSpec(tagLength, IV);
    GCMParameterSpec spec2 = new GCMParameterSpec(tagLength, IVO, offset, IVlength);
    byte[] cipherText1 = getCipherTextBySpec(spec1);
    if (cipherText1 == null) {
        return false;
    }
    byte[] cipherText2 = getCipherTextBySpec(spec2);
    if (cipherText2 == null) {
        return false;
    }
    if (!Arrays.equals(cipherText1, cipherText2)) {
        System.out.println("Cipher texts are different");
        return false;
    }
    if (spec1.getTLen() != spec2.getTLen()) {
        System.out.println("Tag lengths are not equal");
        return false;
    }
    byte[] recoveredText1 = recoverCipherText(cipherText1, spec2);
    if (recoveredText1 == null) {
        return false;
    }
    byte[] recoveredText2 = recoverCipherText(cipherText2, spec1);
    if (recoveredText2 == null) {
        return false;
    }
    if (!Arrays.equals(recoveredText1, recoveredText2)) {
        System.out.println("Recovered texts are different");
        return false;
    }
    if (!Arrays.equals(recoveredText1, data)) {
        System.out.println("Recovered and original texts are not equal");
        return false;
    }
    return true;
}
Also used : GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)

Example 10 with GCMParameterSpec

use of javax.crypto.spec.GCMParameterSpec in project android_frameworks_base by crdroidandroid.

the class LockSettingsService method getDecryptedPasswordForTiedProfile.

private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
    if (DEBUG)
        Slog.v(TAG, "Get child profile decrytped key");
    byte[] storedData = mStorage.readChildProfileLock(userId);
    if (storedData == null) {
        throw new FileNotFoundException("Child profile lock file not found");
    }
    byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
    byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
    byte[] decryptionResult;
    java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
    keyStore.load(null);
    SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
    Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
    cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
    decryptionResult = cipher.doFinal(encryptedPassword);
    return new String(decryptionResult, StandardCharsets.UTF_8);
}
Also used : SecretKey(javax.crypto.SecretKey) FileNotFoundException(java.io.FileNotFoundException) Cipher(javax.crypto.Cipher) GCMParameterSpec(javax.crypto.spec.GCMParameterSpec)

Aggregations

GCMParameterSpec (javax.crypto.spec.GCMParameterSpec)17 Cipher (javax.crypto.Cipher)8 SecretKey (javax.crypto.SecretKey)8 FileNotFoundException (java.io.FileNotFoundException)5 InvalidKeyException (java.security.InvalidKeyException)3 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)3 AEADBadTagException (javax.crypto.AEADBadTagException)3 BadPaddingException (javax.crypto.BadPaddingException)3 IllegalBlockSizeException (javax.crypto.IllegalBlockSizeException)3 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)3 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2 InvalidParameterSpecException (java.security.spec.InvalidParameterSpecException)2 NoSuchProviderException (java.security.NoSuchProviderException)1 Random (java.util.Random)1 KeyGenerator (javax.crypto.KeyGenerator)1 ShortBufferException (javax.crypto.ShortBufferException)1 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1