use of javax.crypto.spec.GCMParameterSpec in project android_frameworks_base by AOSPA.
the class LockSettingsService method getDecryptedPasswordForTiedProfile.
private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
if (DEBUG)
Slog.v(TAG, "Get child profile decrytped key");
byte[] storedData = mStorage.readChildProfileLock(userId);
if (storedData == null) {
throw new FileNotFoundException("Child profile lock file not found");
}
byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
byte[] decryptionResult;
java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
decryptionResult = cipher.doFinal(encryptedPassword);
return new String(decryptionResult, StandardCharsets.UTF_8);
}
use of javax.crypto.spec.GCMParameterSpec in project android_frameworks_base by ResurrectionRemix.
the class LockSettingsService method getDecryptedPasswordForTiedProfile.
private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
if (DEBUG)
Slog.v(TAG, "Get child profile decrytped key");
byte[] storedData = mStorage.readChildProfileLock(userId);
if (storedData == null) {
throw new FileNotFoundException("Child profile lock file not found");
}
byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
byte[] decryptionResult;
java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
decryptionResult = cipher.doFinal(encryptedPassword);
return new String(decryptionResult, StandardCharsets.UTF_8);
}
use of javax.crypto.spec.GCMParameterSpec in project jdk8u_jdk by JetBrains.
the class CipherBox method createExplicitNonce.
/*
* Creates the explicit nonce/IV to this cipher. This method is used to
* encrypt an SSL/TLS output record.
*
* The size of the returned array is the SecurityParameters.record_iv_length
* in RFC 4346/5246. It is the size of explicit IV for CBC mode, and the
* size of explicit nonce for AEAD mode.
*
* @param authenticator the authenticator to get the additional
* authentication data
* @param contentType the content type of the input record
* @param fragmentLength the fragment length of the output record, it is
* the TLSCompressed.length in RFC 4346/5246.
*
* @return the explicit nonce of the cipher.
*/
byte[] createExplicitNonce(Authenticator authenticator, byte contentType, int fragmentLength) {
byte[] nonce = new byte[0];
switch(cipherType) {
case BLOCK_CIPHER:
if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
// For block ciphers, the explicit IV length is of length
// SecurityParameters.record_iv_length, which is equal to
// the SecurityParameters.block_size.
//
// Generate a random number as the explicit IV parameter.
nonce = new byte[cipher.getBlockSize()];
random.nextBytes(nonce);
}
break;
case AEAD_CIPHER:
// To be unique and aware of overflow-wrap, sequence number
// is used as the nonce_explicit of AEAD cipher suites.
nonce = authenticator.sequenceNumber();
// initialize the AEAD cipher for the unique IV
byte[] iv = Arrays.copyOf(fixedIv, fixedIv.length + nonce.length);
System.arraycopy(nonce, 0, iv, fixedIv.length, nonce.length);
GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
try {
cipher.init(mode, key, spec, random);
} catch (InvalidKeyException | InvalidAlgorithmParameterException ikae) {
// unlikely to happen
throw new RuntimeException("invalid key or spec in GCM mode", ikae);
}
// update the additional authentication data
byte[] aad = authenticator.acquireAuthenticationBytes(contentType, fragmentLength);
cipher.updateAAD(aad);
break;
}
return nonce;
}
use of javax.crypto.spec.GCMParameterSpec in project jdk8u_jdk by JetBrains.
the class GCMParameterSpecTest method doTest.
/*
* Run the test:
* - check if result of encryption of plain text is the same
* when parameters constructed with different GCMParameterSpec
* constructors are used
* - check if GCMParameterSpec.getTLen() is equal to actual tag length
* - check if ciphertext has the same length as plaintext
*/
private boolean doTest() throws Exception {
GCMParameterSpec spec1 = new GCMParameterSpec(tagLength, IV);
GCMParameterSpec spec2 = new GCMParameterSpec(tagLength, IVO, offset, IVlength);
byte[] cipherText1 = getCipherTextBySpec(spec1);
if (cipherText1 == null) {
return false;
}
byte[] cipherText2 = getCipherTextBySpec(spec2);
if (cipherText2 == null) {
return false;
}
if (!Arrays.equals(cipherText1, cipherText2)) {
System.out.println("Cipher texts are different");
return false;
}
if (spec1.getTLen() != spec2.getTLen()) {
System.out.println("Tag lengths are not equal");
return false;
}
byte[] recoveredText1 = recoverCipherText(cipherText1, spec2);
if (recoveredText1 == null) {
return false;
}
byte[] recoveredText2 = recoverCipherText(cipherText2, spec1);
if (recoveredText2 == null) {
return false;
}
if (!Arrays.equals(recoveredText1, recoveredText2)) {
System.out.println("Recovered texts are different");
return false;
}
if (!Arrays.equals(recoveredText1, data)) {
System.out.println("Recovered and original texts are not equal");
return false;
}
return true;
}
use of javax.crypto.spec.GCMParameterSpec in project android_frameworks_base by crdroidandroid.
the class LockSettingsService method getDecryptedPasswordForTiedProfile.
private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
if (DEBUG)
Slog.v(TAG, "Get child profile decrytped key");
byte[] storedData = mStorage.readChildProfileLock(userId);
if (storedData == null) {
throw new FileNotFoundException("Child profile lock file not found");
}
byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
byte[] decryptionResult;
java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
decryptionResult = cipher.doFinal(encryptedPassword);
return new String(decryptionResult, StandardCharsets.UTF_8);
}
Aggregations