use of javax.crypto.spec.GCMParameterSpec in project platform_frameworks_base by android.
the class LockSettingsService method getDecryptedPasswordForTiedProfile.
private String getDecryptedPasswordForTiedProfile(int userId) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, CertificateException, IOException {
if (DEBUG)
Slog.v(TAG, "Get child profile decrytped key");
byte[] storedData = mStorage.readChildProfileLock(userId);
if (storedData == null) {
throw new FileNotFoundException("Child profile lock file not found");
}
byte[] iv = Arrays.copyOfRange(storedData, 0, PROFILE_KEY_IV_SIZE);
byte[] encryptedPassword = Arrays.copyOfRange(storedData, PROFILE_KEY_IV_SIZE, storedData.length);
byte[] decryptionResult;
java.security.KeyStore keyStore = java.security.KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
SecretKey decryptionKey = (SecretKey) keyStore.getKey(LockPatternUtils.PROFILE_KEY_NAME_DECRYPT + userId, null);
Cipher cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" + KeyProperties.BLOCK_MODE_GCM + "/" + KeyProperties.ENCRYPTION_PADDING_NONE);
cipher.init(Cipher.DECRYPT_MODE, decryptionKey, new GCMParameterSpec(128, iv));
decryptionResult = cipher.doFinal(encryptedPassword);
return new String(decryptionResult, StandardCharsets.UTF_8);
}
use of javax.crypto.spec.GCMParameterSpec in project robovm by robovm.
the class GCMParameterSpecTest method testGetIV_Subarray_Success.
public void testGetIV_Subarray_Success() throws Exception {
GCMParameterSpec spec = new GCMParameterSpec(8, TEST_IV, 2, 4);
assertEquals(Arrays.toString(Arrays.copyOfRange(TEST_IV, 2, 6)), Arrays.toString(spec.getIV()));
}
use of javax.crypto.spec.GCMParameterSpec in project keywhiz by square.
the class GCMEncryptor method gcm.
private byte[] gcm(boolean encrypt, byte[] input, byte[] nonce) throws AEADBadTagException {
try {
Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
SecretKey secretKey = new SecretKeySpec(key, KEY_ALGORITHM);
GCMParameterSpec gcmParameters = new GCMParameterSpec(TAG_BITS, nonce);
cipher.init(encrypt ? ENCRYPT_MODE : DECRYPT_MODE, secretKey, gcmParameters);
return cipher.doFinal(input);
} catch (NoSuchAlgorithmException | NoSuchPaddingException | BadPaddingException | IllegalBlockSizeException | InvalidAlgorithmParameterException | InvalidKeyException e) {
Throwables.propagateIfInstanceOf(e, AEADBadTagException.class);
throw Throwables.propagate(e);
}
}
use of javax.crypto.spec.GCMParameterSpec in project jdk8u_jdk by JetBrains.
the class GCMParameters method engineInit.
protected void engineInit(AlgorithmParameterSpec paramSpec) throws InvalidParameterSpecException {
if (!(paramSpec instanceof GCMParameterSpec)) {
throw new InvalidParameterSpecException("Inappropriate parameter specification");
}
GCMParameterSpec gps = (GCMParameterSpec) paramSpec;
// need to convert from bits to bytes for ASN.1 encoding
this.tLen = gps.getTLen() / 8;
this.iv = gps.getIV();
}
use of javax.crypto.spec.GCMParameterSpec in project jdk8u_jdk by JetBrains.
the class CipherBox method applyExplicitNonce.
/*
* Applies the explicit nonce/IV to this cipher. This method is used to
* decrypt an SSL/TLS input record.
*
* The returned value is the SecurityParameters.record_iv_length in
* RFC 4346/5246. It is the size of explicit IV for CBC mode, and the
* size of explicit nonce for AEAD mode.
*
* @param authenticator the authenticator to get the additional
* authentication data
* @param contentType the content type of the input record
* @param bb the byte buffer to get the explicit nonce from
*
* @return the explicit nonce size of the cipher.
*/
int applyExplicitNonce(Authenticator authenticator, byte contentType, ByteBuffer bb) throws BadPaddingException {
switch(cipherType) {
case BLOCK_CIPHER:
// sanity check length of the ciphertext
int tagLen = (authenticator instanceof MAC) ? ((MAC) authenticator).MAClen() : 0;
if (tagLen != 0) {
if (!sanityCheck(tagLen, bb.remaining())) {
throw new BadPaddingException("ciphertext sanity check failed");
}
}
// the SecurityParameters.block_size.
if (protocolVersion.v >= ProtocolVersion.TLS11.v) {
return cipher.getBlockSize();
}
break;
case AEAD_CIPHER:
if (bb.remaining() < (recordIvSize + tagSize)) {
throw new BadPaddingException("invalid AEAD cipher fragment");
}
// initialize the AEAD cipher for the unique IV
byte[] iv = Arrays.copyOf(fixedIv, fixedIv.length + recordIvSize);
bb.get(iv, fixedIv.length, recordIvSize);
bb.position(bb.position() - recordIvSize);
GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
try {
cipher.init(mode, key, spec, random);
} catch (InvalidKeyException | InvalidAlgorithmParameterException ikae) {
// unlikely to happen
throw new RuntimeException("invalid key or spec in GCM mode", ikae);
}
// update the additional authentication data
byte[] aad = authenticator.acquireAuthenticationBytes(contentType, bb.remaining() - recordIvSize - tagSize);
cipher.updateAAD(aad);
return recordIvSize;
}
return 0;
}
Aggregations