Example 16 with GCMBlockCipher
use of org.bouncycastle.crypto.modes.GCMBlockCipher in project oxAuth by GluuFederation.
the class JweEncrypterImpl method generateCipherTextAndIntegrityValue.
@Override
public Pair<String, String> generateCipherTextAndIntegrityValue(byte[] contentMasterKey, byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] plainText) throws InvalidJweException {
if (getBlockEncryptionAlgorithm() == null) {
throw new InvalidJweException("The block encryption algorithm is null");
}
if (contentMasterKey == null) {
throw new InvalidJweException("The content master key (CMK) is null");
}
if (initializationVector == null) {
throw new InvalidJweException("The initialization vector is null");
}
if (additionalAuthenticatedData == null) {
throw new InvalidJweException("The additional authentication data is null");
}
if (plainText == null) {
throw new InvalidJweException("The plain text to encrypt is null");
}
try {
if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) {
SecretKey secretKey = new SecretKeySpec(contentMasterKey, "AES");
KeyParameter key = new KeyParameter(contentMasterKey);
final int MAC_SIZE_BITS = 128;
AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData);
final int macSize = aeadParameters.getMacSize() / 8;
BlockCipher blockCipher = new AESEngine();
CipherParameters params = new KeyParameter(secretKey.getEncoded());
blockCipher.init(true, params);
GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher);
aGCMBlockCipher.init(true, aeadParameters);
int len = aGCMBlockCipher.getOutputSize(plainText.length);
byte[] out = new byte[len];
int outOff = aGCMBlockCipher.processBytes(plainText, 0, plainText.length, out, 0);
outOff += aGCMBlockCipher.doFinal(out, outOff);
byte[] cipherText = new byte[outOff - macSize];
System.arraycopy(out, 0, cipherText, 0, cipherText.length);
byte[] authenticationTag = new byte[macSize];
System.arraycopy(out, outOff - macSize, authenticationTag, 0, authenticationTag.length);
String encodedCipherText = Base64Util.base64urlencode(cipherText);
String encodedAuthenticationTag = Base64Util.base64urlencode(authenticationTag);
return new Pair<String, String>(encodedCipherText, encodedAuthenticationTag);
} else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) {
byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm());
IvParameterSpec parameters = new IvParameterSpec(initializationVector);
Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm(), "BC");
//Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm());
SecretKeySpec secretKeySpec = new SecretKeySpec(cek, "AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameters);
byte[] cipherText = cipher.doFinal(plainText);
String encodedCipherText = Base64Util.base64urlencode(cipherText);
String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText;
byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm());
SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm());
mac.init(secretKey);
byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING));
String encodedIntegrityValue = Base64Util.base64urlencode(integrityValue);
return new Pair<String, String>(encodedCipherText, encodedIntegrityValue);
} else {
throw new InvalidJweException("The block encryption algorithm is not supported");
}
} catch (InvalidCipherTextException e) {
throw new InvalidJweException(e);
} catch (NoSuchAlgorithmException e) {
throw new InvalidJweException(e);
} catch (UnsupportedEncodingException e) {
throw new InvalidJweException(e);
} catch (NoSuchProviderException e) {
throw new InvalidJweException(e);
} catch (IllegalBlockSizeException e) {
throw new InvalidJweException(e);
} catch (InvalidKeyException e) {
throw new InvalidJweException(e);
} catch (BadPaddingException e) {
throw new InvalidJweException(e);
} catch (InvalidAlgorithmParameterException e) {
throw new InvalidJweException(e);
} catch (NoSuchPaddingException e) {
throw new InvalidJweException(e);
} catch (InvalidParameterException e) {
throw new InvalidJweException(e);
}
}
Also used :
InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
InvalidParameterException(org.xdi.oxauth.model.exception.InvalidParameterException)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
InvalidJweException(org.xdi.oxauth.model.exception.InvalidJweException)
Pair(org.xdi.oxauth.model.util.Pair)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
CipherParameters(org.bouncycastle.crypto.CipherParameters)
AEADParameters(org.bouncycastle.crypto.params.AEADParameters)
IvParameterSpec(javax.crypto.spec.IvParameterSpec)
BlockCipher(org.bouncycastle.crypto.BlockCipher)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
Example 17 with GCMBlockCipher
use of org.bouncycastle.crypto.modes.GCMBlockCipher in project xipki by xipki.
the class EmulatorP11Identity method aesGmac.
// TODO: check the correctness
private byte[] aesGmac(P11Params params, byte[] contentToSign) throws P11TokenException {
if (params == null) {
throw new P11TokenException("iv must not be null");
}
byte[] iv;
if (params instanceof P11IVParams) {
iv = ((P11IVParams) params).getIV();
} else {
throw new P11TokenException("params must be instanceof P11IVParams");
}
GMac gmac = new GMac(new GCMBlockCipher(new AESEngine()));
ParametersWithIV paramsWithIv = new ParametersWithIV(new KeyParameter(signingKey.getEncoded()), iv);
gmac.init(paramsWithIv);
gmac.update(contentToSign, 0, contentToSign.length);
byte[] signature = new byte[gmac.getMacSize()];
gmac.doFinal(signature, 0);
return signature;
}
Also used :
ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
P11TokenException(org.xipki.security.exception.P11TokenException)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
GMac(org.bouncycastle.crypto.macs.GMac)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
P11IVParams(org.xipki.security.pkcs11.P11IVParams)
Example 18 with GCMBlockCipher
use of org.bouncycastle.crypto.modes.GCMBlockCipher in project Zom-Android by zom.
the class Downloader method setupInputStream.
public static InputStream setupInputStream(InputStream is, byte[] keyAndIv) {
if (keyAndIv != null && keyAndIv.length == 48) {
byte[] key = new byte[32];
byte[] iv = new byte[16];
System.arraycopy(keyAndIv, 0, iv, 0, 16);
System.arraycopy(keyAndIv, 16, key, 0, 32);
AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
cipher.init(true, new AEADParameters(new KeyParameter(key), 128, iv));
return new CipherInputStream(is, cipher);
} else {
return is;
}
}
Also used :
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
AEADParameters(org.bouncycastle.crypto.params.AEADParameters)
CipherInputStream(org.bouncycastle.crypto.io.CipherInputStream)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
AEADBlockCipher(org.bouncycastle.crypto.modes.AEADBlockCipher)
Example 19 with GCMBlockCipher
use of org.bouncycastle.crypto.modes.GCMBlockCipher in project elastic-core-maven by OrdinaryDude.
the class Crypto method aesGCMDecrypt.
public static byte[] aesGCMDecrypt(byte[] ivCiphertext, byte[] key) {
try {
if (ivCiphertext.length < 16) {
throw new InvalidCipherTextException("invalid ivCiphertext length");
}
byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 16);
byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 16, ivCiphertext.length);
GCMBlockCipher aes = new GCMBlockCipher(new AESEngine());
CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
aes.init(false, ivAndKey);
byte[] output = new byte[aes.getOutputSize(ciphertext.length)];
int plaintextLength = aes.processBytes(ciphertext, 0, ciphertext.length, output, 0);
plaintextLength += aes.doFinal(output, plaintextLength);
byte[] result = new byte[plaintextLength];
System.arraycopy(output, 0, result, 0, result.length);
return result;
} catch (InvalidCipherTextException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
Also used :
CipherParameters(org.bouncycastle.crypto.CipherParameters)
ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV)
InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
Example 20 with GCMBlockCipher
use of org.bouncycastle.crypto.modes.GCMBlockCipher in project elastic-core-maven by OrdinaryDude.
the class Crypto method aesGCMEncrypt.
public static byte[] aesGCMEncrypt(byte[] plaintext, byte[] key) {
try {
byte[] iv = new byte[16];
secureRandom.get().nextBytes(iv);
GCMBlockCipher aes = new GCMBlockCipher(new AESEngine());
CipherParameters ivAndKey = new ParametersWithIV(new KeyParameter(key), iv);
aes.init(true, ivAndKey);
byte[] output = new byte[aes.getOutputSize(plaintext.length)];
int ciphertextLength = aes.processBytes(plaintext, 0, plaintext.length, output, 0);
ciphertextLength += aes.doFinal(output, ciphertextLength);
byte[] result = new byte[iv.length + ciphertextLength];
System.arraycopy(iv, 0, result, 0, iv.length);
System.arraycopy(output, 0, result, iv.length, ciphertextLength);
return result;
} catch (InvalidCipherTextException e) {
throw new RuntimeException(e.getMessage(), e);
}
}
Also used :
CipherParameters(org.bouncycastle.crypto.CipherParameters)
ParametersWithIV(org.bouncycastle.crypto.params.ParametersWithIV)
AESEngine(org.bouncycastle.crypto.engines.AESEngine)
InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException)
KeyParameter(org.bouncycastle.crypto.params.KeyParameter)
GCMBlockCipher(org.bouncycastle.crypto.modes.GCMBlockCipher)
Aggregations
GCMBlockCipher (org.bouncycastle.crypto.modes.GCMBlockCipher)29
KeyParameter (org.bouncycastle.crypto.params.KeyParameter)22
AEADParameters (org.bouncycastle.crypto.params.AEADParameters)20
AESEngine (org.bouncycastle.crypto.engines.AESEngine)19
AEADBlockCipher (org.bouncycastle.crypto.modes.AEADBlockCipher)16
InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException)6
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)5
IvParameterSpec (javax.crypto.spec.IvParameterSpec)5
SecretKeySpec (javax.crypto.spec.SecretKeySpec)5
CipherParameters (org.bouncycastle.crypto.CipherParameters)5
ByteArrayInputStream (java.io.ByteArrayInputStream)4
IOException (java.io.IOException)4
BlockCipher (org.bouncycastle.crypto.BlockCipher)4
InvalidCipherTextIOException (org.bouncycastle.crypto.io.InvalidCipherTextIOException)4
ParametersWithIV (org.bouncycastle.crypto.params.ParametersWithIV)4
Test (org.junit.Test)4
FileInputStream (java.io.FileInputStream)3
FileNotFoundException (java.io.FileNotFoundException)3
InputStream (java.io.InputStream)3
InvalidAlgorithmParameterException (java.security.InvalidAlgorithmParameterException)3
