Search in sources :

Example 6 with GCMBlockCipher

use of org.bouncycastle.crypto.modes.GCMBlockCipher in project syncany by syncany.

the class TwofishGcmCipherSpec method newCipherInputStream.

@Override
public InputStream newCipherInputStream(InputStream underlyingInputStream, byte[] secretKey, byte[] iv) throws CipherException {
    AEADBlockCipher cipher = new GCMBlockCipher(new TwofishEngine());
    cipher.init(false, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv));
    return new org.bouncycastle.crypto.io.CipherInputStream(underlyingInputStream, cipher);
}
Also used : AEADParameters(org.bouncycastle.crypto.params.AEADParameters) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) TwofishEngine(org.bouncycastle.crypto.engines.TwofishEngine) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher)

Example 7 with GCMBlockCipher

use of org.bouncycastle.crypto.modes.GCMBlockCipher in project oxAuth by GluuFederation.

the class JweDecrypterImpl method decryptCipherText.

@Override
public String decryptCipherText(String encodedCipherText, byte[] contentMasterKey, byte[] initializationVector, byte[] authenticationTag, byte[] additionalAuthenticatedData) throws InvalidJweException {
    if (getBlockEncryptionAlgorithm() == null) {
        throw new InvalidJweException("The block encryption algorithm is null");
    }
    if (contentMasterKey == null) {
        throw new InvalidJweException("The content master key (CMK) is null");
    }
    if (initializationVector == null) {
        throw new InvalidJweException("The initialization vector is null");
    }
    if (authenticationTag == null) {
        throw new InvalidJweException("The authentication tag is null");
    }
    if (additionalAuthenticatedData == null) {
        throw new InvalidJweException("The additional authentication data is null");
    }
    try {
        if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
            final int MAC_SIZE_BITS = 128;
            byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
            KeyParameter key = new KeyParameter(contentMasterKey);
            AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
            SecretKeySpec sks = new SecretKeySpec(contentMasterKey, "AES");
            BlockCipher blockCipher = new AESEngine();
            CipherParameters params = new KeyParameter(sks.getEncoded());
            blockCipher.init(false, params);
            GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
            aGCMBlockCipher.init(false, aeadParameters);
            byte[] input = new byte[cipherText.length + authenticationTag.length];
            System.arraycopy(cipherText, 0, input, 0, cipherText.length);
            System.arraycopy(authenticationTag, 0, input, cipherText.length, authenticationTag.length);
            int len = aGCMBlockCipher.getOutputSize(input.length);
            byte[] out = new byte[len];
            int outOff = aGCMBlockCipher.processBytes(input, 0, input.length, out, 0);
            aGCMBlockCipher.doFinal(out, outOff);
            String plaintext = new String(out, Charset.forName(Util.UTF8_STRING_ENCODING));
            return plaintext;
        } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
            byte[] cipherText = Base64Util.base64urldecode(encodedCipherText);
            byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
            Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
            IvParameterSpec ivParameter = new IvParameterSpec(initializationVector);
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(cek, "AES"), ivParameter);
            byte[] decodedPlainTextBytes = cipher.doFinal(cipherText);
            String decodedPlainText = new String(decodedPlainTextBytes, Charset.forName(Util.UTF8_STRING_ENCODING));
            // Integrity check
            String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
            byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
            SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
            mac.init(secretKey);
            byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
            if (!Arrays.equals(integrityValue, authenticationTag)) {
                throw new InvalidJweException("The authentication tag is not valid");
            }
            return decodedPlainText;
        } else {
            throw new InvalidJweException("The block encryption algorithm is not supported");
        }
    } catch (InvalidCipherTextException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchPaddingException e) {
        throw new InvalidJweException(e);
    } catch (BadPaddingException e) {
        throw new InvalidJweException(e);
    } catch (InvalidAlgorithmParameterException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchAlgorithmException e) {
        throw new InvalidJweException(e);
    } catch (IllegalBlockSizeException e) {
        throw new InvalidJweException(e);
    } catch (UnsupportedEncodingException e) {
        throw new InvalidJweException(e);
    } catch (NoSuchProviderException e) {
        throw new InvalidJweException(e);
    } catch (InvalidKeyException e) {
        throw new InvalidJweException(e);
    } catch (InvalidParameterException e) {
        throw new InvalidJweException(e);
    }
}
Also used : InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException) AESEngine(org.bouncycastle.crypto.engines.AESEngine) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) UnsupportedEncodingException(java.io.UnsupportedEncodingException) CipherParameters(org.bouncycastle.crypto.CipherParameters) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) IvParameterSpec(javax.crypto.spec.IvParameterSpec) BlockCipher(org.bouncycastle.crypto.BlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)

Example 8 with GCMBlockCipher

use of org.bouncycastle.crypto.modes.GCMBlockCipher in project Conversations by siacs.

the class AbstractConnectionManager method createInputStream.

public static Pair<InputStream, Integer> createInputStream(DownloadableFile file, boolean gcm) throws FileNotFoundException {
    FileInputStream is;
    int size;
    is = new FileInputStream(file);
    size = (int) file.getSize();
    if (file.getKey() == null) {
        return new Pair<InputStream, Integer>(is, size);
    }
    try {
        if (gcm) {
            AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
            cipher.init(true, new AEADParameters(new KeyParameter(file.getKey()), 128, file.getIv()));
            InputStream cis = new org.bouncycastle.crypto.io.CipherInputStream(is, cipher);
            return new Pair<>(cis, cipher.getOutputSize(size));
        } else {
            IvParameterSpec ips = new IvParameterSpec(file.getIv());
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(file.getKey(), "AES"), ips);
            Log.d(Config.LOGTAG, "opening encrypted input stream");
            final int s = Config.REPORT_WRONG_FILESIZE_IN_OTR_JINGLE ? size : (size / 16 + 1) * 16;
            return new Pair<InputStream, Integer>(new CipherInputStream(is, cipher), s);
        }
    } catch (InvalidKeyException e) {
        return null;
    } catch (NoSuchAlgorithmException e) {
        return null;
    } catch (NoSuchPaddingException e) {
        return null;
    } catch (InvalidAlgorithmParameterException e) {
        return null;
    }
}
Also used : AESEngine(org.bouncycastle.crypto.engines.AESEngine) InvalidAlgorithmParameterException(java.security.InvalidAlgorithmParameterException) CipherInputStream(javax.crypto.CipherInputStream) CipherInputStream(javax.crypto.CipherInputStream) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) FileInputStream(java.io.FileInputStream) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) SecretKeySpec(javax.crypto.spec.SecretKeySpec) IvParameterSpec(javax.crypto.spec.IvParameterSpec) Cipher(javax.crypto.Cipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher) Pair(android.util.Pair)

Example 9 with GCMBlockCipher

use of org.bouncycastle.crypto.modes.GCMBlockCipher in project syncany by syncany.

the class AesGcmCipherSpec method newCipherOutputStream.

@Override
public OutputStream newCipherOutputStream(OutputStream underlyingOutputStream, byte[] secretKey, byte[] iv) throws CipherException {
    AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
    cipher.init(true, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv));
    return new org.bouncycastle.crypto.io.CipherOutputStream(underlyingOutputStream, cipher);
}
Also used : AESEngine(org.bouncycastle.crypto.engines.AESEngine) AEADParameters(org.bouncycastle.crypto.params.AEADParameters) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher)

Example 10 with GCMBlockCipher

use of org.bouncycastle.crypto.modes.GCMBlockCipher in project syncany by syncany.

the class TwofishGcmCipherSpec method newCipherOutputStream.

@Override
public OutputStream newCipherOutputStream(OutputStream underlyingOutputStream, byte[] secretKey, byte[] iv) throws CipherException {
    AEADBlockCipher cipher = new GCMBlockCipher(new TwofishEngine());
    cipher.init(true, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv));
    return new org.bouncycastle.crypto.io.CipherOutputStream(underlyingOutputStream, cipher);
}
Also used : AEADParameters(org.bouncycastle.crypto.params.AEADParameters) KeyParameter(org.bouncycastle.crypto.params.KeyParameter) TwofishEngine(org.bouncycastle.crypto.engines.TwofishEngine) GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher) AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher)

Aggregations

GCMBlockCipher (org.bouncycastle.crypto.modes.GCMBlockCipher)14 AEADParameters (org.bouncycastle.crypto.params.AEADParameters)12 KeyParameter (org.bouncycastle.crypto.params.KeyParameter)10 AESEngine (org.bouncycastle.crypto.engines.AESEngine)8 AEADBlockCipher (org.bouncycastle.crypto.modes.AEADBlockCipher)8 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 IvParameterSpec (javax.crypto.spec.IvParameterSpec)4 SecretKeySpec (javax.crypto.spec.SecretKeySpec)4 ByteArrayInputStream (java.io.ByteArrayInputStream)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)2 InvalidKeyException (java.security.InvalidKeyException)2 Cipher (javax.crypto.Cipher)2 NoSuchPaddingException (javax.crypto.NoSuchPaddingException)2 BlockCipher (org.bouncycastle.crypto.BlockCipher)2 BufferedBlockCipher (org.bouncycastle.crypto.BufferedBlockCipher)2 CipherParameters (org.bouncycastle.crypto.CipherParameters)2 InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException)2 AESFastEngine (org.bouncycastle.crypto.engines.AESFastEngine)2 TwofishEngine (org.bouncycastle.crypto.engines.TwofishEngine)2