public void performTest() { for (int i = 0; i < TEST_VECTORS.length; i++) { TestCase testCase = TEST_VECTORS[i]; Mac mac = new GMac(new GCMBlockCipher(new AESFastEngine()), testCase.getTag().length * 8); CipherParameters key = new KeyParameter(testCase.getKey()); mac.init(new ParametersWithIV(key, testCase.getIv())); testSingleByte(mac, testCase); testMultibyte(mac, testCase); } // Invalid mac size testInvalidMacSize(97); testInvalidMacSize(136); testInvalidMacSize(24); }
private void testInvalidMacSize(int size) { try { GMac mac = new GMac(new GCMBlockCipher(new AESFastEngine()), size); mac.init(new ParametersWithIV(null, new byte[16])); fail("Expected failure for illegal mac size " + size); } catch (IllegalArgumentException e) { if (!e.getMessage().startsWith("Invalid value for MAC size")) { fail("Illegal mac size failed with unexpected message"); } } }
private void runTestCase( GCMMultiplier encM, GCMMultiplier decM, String testName, byte[] K, byte[] IV, byte[] A, byte[] SA, byte[] P, byte[] C, byte[] T) throws InvalidCipherTextException { AEADParameters parameters = new AEADParameters(new KeyParameter(K), T.length * 8, IV, A); GCMBlockCipher encCipher = initCipher(encM, true, parameters); GCMBlockCipher decCipher = initCipher(decM, false, parameters); checkTestCase(encCipher, decCipher, testName, SA, P, C, T); checkTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T); // Key reuse AEADParameters keyReuseParams = AEADTestUtil.reuseKey(parameters); encCipher.init(true, keyReuseParams); decCipher.init(false, keyReuseParams); checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T); }
public SAES256v01(byte[] secretBytes, byte[] salt) { this.salt = salt.clone(); secretBytes = secretBytes.clone(); if (secretBytes.length != KEY_SIZE_BYTES) { secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes(); } try { KeyParameter key = new KeyParameter(secretBytes); AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt); this.encryptor = new GCMBlockCipher(new AESFastEngine()); this.encryptor.init(true, params); this.decryptor = new GCMBlockCipher(new AESFastEngine()); this.decryptor.init(false, params); } catch (Exception e) { throw new RuntimeException("could not create cipher for AES256", e); } finally { Arrays.fill(secretBytes, (byte) 0); } }
public CipherWriteStreamValidation(byte[] secretBytes, byte[] salt) { this.salt = salt.clone(); secretBytes = secretBytes.clone(); if (secretBytes.length != KEY_SIZE_BYTES) { secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes(); } try { KeyParameter key = new KeyParameter(secretBytes); AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt); this.encryptor = new GCMBlockCipher(new AESFastEngine()); this.encryptor.init(true, params); this.decryptor = new GCMBlockCipher(new AESFastEngine()); this.decryptor.init(false, params); } catch (Exception e) { throw new RuntimeException("could not create cipher for AES256", e); } finally { Arrays.fill(secretBytes, (byte) 0); } }
private AesKeyId genKeyId() { try { final GCMBlockCipher gcm = new GCMBlockCipher(new AESFastEngine()); gcm.init(true, new AEADParameters( new KeyParameter(key), 128, KEYID_AD, KEYID_AD)); final byte[] ciphertext = new byte[gcm.getOutputSize(ZERO_BYTES.length)]; final int resp = gcm.processBytes(ZERO_BYTES, 0, ZERO_BYTES.length, ciphertext, 0); gcm.doFinal(ciphertext, resp); return new AesKeyId(ciphertext); } catch (final InvalidCipherTextException e) { // Should be impossible when we're encrypting! throw new RuntimeException( "Unexpected behaviour in crypto libraries", e); } }
public SequenceItem decrypt(final ConverterCatalog r, final AesPacket packet) throws InvalidInputException { final GCMBlockCipher gcm = new GCMBlockCipher(new AESFastEngine()); gcm.init(false, new AEADParameters( new KeyParameter(key), 128, packet.nonce, ZERO_BYTES)); final byte[] newtext = new byte[ gcm.getOutputSize(packet.ciphertext.length)]; final int pp = gcm.processBytes(packet.ciphertext, 0, packet.ciphertext.length, newtext, 0); try { gcm.doFinal(newtext, pp); } catch (final InvalidCipherTextException e) { throw new CryptographyException(e); } return ConvertUtils.fromBytes(r, SequenceItem.class, newtext); }
public static byte[] decrypt(byte[] key, byte[] data) { // TODO utilize GCMAES#decrypt method try { if (data.length < NONCE_LENGTH + TAG_LENGTH) { throw new IllegalArgumentException("data packet too short"); } int cipherTextLength = data.length - NONCE_LENGTH - TAG_LENGTH; byte[] nonce = Arrays.copyOf(data, NONCE_LENGTH); GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), TAG_LENGTH * 8, nonce); cipher.init(false, parameters); byte[] out = new byte[cipher.getOutputSize(cipherTextLength + TAG_LENGTH)]; int pos = cipher.processBytes(data, NONCE_LENGTH, data.length - NONCE_LENGTH, out, 0); pos += cipher.doFinal(out, pos); return Arrays.copyOf(out, pos); } catch (IllegalStateException | InvalidCipherTextException ex) { throw new IllegalArgumentException(ex); } }
public void performTest() { for (int i = 0; i < TEST_VECTORS.length; i++) { TestCase testCase = TEST_VECTORS[i]; Mac mac = new GMac(new GCMBlockCipher(new AESFastEngine()), testCase.getTag().length * 8); CipherParameters key = new KeyParameter(testCase.getKey()); mac.init(new ParametersWithIV(key, testCase.getIv())); testSingleByte(mac, testCase); testMultibyte(mac, testCase); } // Invalid mac size testInvalidMacSize(97); testInvalidMacSize(136); testInvalidMacSize(88); testInvalidMacSize(64); }
private void runTestCase( GCMMultiplier encM, GCMMultiplier decM, String testName, byte[] K, byte[] IV, byte[] A, byte[] SA, byte[] P, byte[] C, byte[] T) throws InvalidCipherTextException { AEADParameters parameters = new AEADParameters(new KeyParameter(K), T.length * 8, IV, A); GCMBlockCipher encCipher = initCipher(encM, true, parameters); GCMBlockCipher decCipher = initCipher(decM, false, parameters); checkTestCase(encCipher, decCipher, testName, SA, P, C, T); checkTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T); // Key reuse AEADParameters keyReuseParams = new AEADParameters(null, parameters.getMacSize(), parameters.getNonce(), parameters.getAssociatedText()); encCipher.init(true, keyReuseParams); decCipher.init(false, keyReuseParams); checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T); checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T); }
protected void init(boolean encryption, PlainFileKey fileKey) throws IllegalArgumentException { byte[] key = CryptoUtils.stringToByteArray(fileKey.getKey()); byte[] iv = CryptoUtils.stringToByteArray(fileKey.getIv()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), 8 * TAG_SIZE, iv); realCipher = new GCMBlockCipher(new AESFastEngine()); realCipher.init(encryption, parameters); }
private void testModes(BlockCipher cipher1, BlockCipher cipher2, int keySize) throws Exception { final KeyParameter key = new KeyParameter(new byte[keySize]); final int blockSize = getBlockSize(cipher1); final CipherParameters withIv = new ParametersWithIV(key, new byte[blockSize]); if (blockSize > 1) { testMode(new PaddedBufferedBlockCipher(cipher1, new PKCS7Padding()), key); testMode(new PaddedBufferedBlockCipher(new CBCBlockCipher(cipher1), new PKCS7Padding()), withIv); testMode(new BufferedBlockCipher(new OFBBlockCipher(cipher1, blockSize)), withIv); testMode(new BufferedBlockCipher(new CFBBlockCipher(cipher1, blockSize)), withIv); testMode(new BufferedBlockCipher(new SICBlockCipher(cipher1)), withIv); } // CTS requires at least one block if (blockSize <= 16 && streamSize >= blockSize) { testMode(new CTSBlockCipher(cipher1), key); } if (blockSize <= 16 && streamSize >= blockSize) { testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS1, cipher1), key); testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS2, cipher1), key); testMode(new NISTCTSBlockCipher(NISTCTSBlockCipher.CS3, cipher1), key); } if (blockSize == 8 || blockSize == 16) { testMode(new EAXBlockCipher(cipher1), withIv); } if (blockSize == 16) { testMode(new CCMBlockCipher(cipher1), new ParametersWithIV(key, new byte[7])); testMode(new GCMBlockCipher(cipher1), withIv); testMode(new OCBBlockCipher(cipher1, cipher2), new ParametersWithIV(key, new byte[15])); } }
private void outputSizeTests() { byte[] K = new byte[16]; byte[] A = null; byte[] IV = new byte[16]; AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A); GCMBlockCipher cipher = initCipher(null, true, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); } if (cipher.getOutputSize(0) != 16) { fail("incorrect getOutputSize for initial 0 bytes encryption"); } cipher.init(false, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); } // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here if (cipher.getOutputSize(0) != 0) { fail("fragile getOutputSize for initial 0 bytes decryption"); } if (cipher.getOutputSize(16) != 0) { fail("incorrect getOutputSize for initial MAC-size bytes decryption"); } }
@Override protected Mac getMac(String mode) { if (!currentMode.equals(mode) || mac == null) { BlockCipher engine = BlockCiphers.getBlockCipherEngine(mode); mac = new org.bouncycastle.crypto.macs.GMac(new GCMBlockCipher(engine)); currentMode = mode; } return mac; }
public AesPacket encrypt(final SequenceItem message) { final byte[] nonce = Ec.randomBytes(12); final GCMBlockCipher gcm = new GCMBlockCipher(new AESFastEngine()); gcm.init(true, new AEADParameters( new KeyParameter(key), 128, nonce, ZERO_BYTES)); final byte[] plaintext = ConvertUtils.toBytes(message); final byte[] ciphertext = new byte[gcm.getOutputSize(plaintext.length)]; final int resp = gcm.processBytes(plaintext, 0, plaintext.length, ciphertext, 0); try { gcm.doFinal(ciphertext, resp); } catch (final InvalidCipherTextException e) { // Should be impossible when we're encrypting! throw new RuntimeException( "Unexpected behaviour in crypto libraries", e); } return new AesPacket(getKeyId(), nonce, ciphertext); }
/** * Returns decrypted data. * * @param key * @param nonce nonce/ IV * @param header * @param encryptedData * @param tag * @param optional optional AADBytes (post header) * @return decrypted data * @throws IllegalArgumentException on decryption exceptions * @throws NullPointerException on null arguments */ public static byte[] decrypt( byte[] key, byte[] nonce, byte[] header, byte[] encryptedData, byte[] tag, Optional<byte[]> optional) { try { GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), tag.length * 8, nonce, header); cipher.init(false, parameters); if (optional.isPresent()) { byte[] aadBytes = optional.get(); cipher.processAADBytes(aadBytes, 0, aadBytes.length); } byte[] out = new byte[cipher.getOutputSize(encryptedData.length + tag.length)]; int pos = cipher.processBytes(encryptedData, 0, encryptedData.length, out, 0); pos += cipher.processBytes(tag, 0, tag.length, out, pos); pos += cipher.doFinal(out, pos); return Arrays.copyOf(out, pos); } catch (IllegalStateException | InvalidCipherTextException | RuntimeCryptoException ex) { throw new IllegalStateException("GCM decrypt error", ex); } }
public CipherOutputStream newCipherOutputStream(OutputStream os, byte[] password) throws IOException { byte[] salt = randomBytes(saltLength); byte[] nonce = randomBytes(nonceLength); os.write(salt); os.write(nonce); byte[] dk = kdf.apply(password, salt); GCMBlockCipher cipher = new GCMBlockCipher(new AESEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(dk), tagLength * 8, nonce); cipher.init(true, parameters); return new CipherOutputStream(os, cipher); }
public CipherInputStream newCipherInputStream(InputStream is, byte[] password) throws IOException { byte[] salt = IOUtils.readFully(is, saltLength); byte[] nonce = IOUtils.readFully(is, nonceLength); byte[] dk = kdf.apply(password, salt); GCMBlockCipher cipher = new GCMBlockCipher(new AESEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(dk), tagLength * 8, nonce); cipher.init(false, parameters); return new CipherInputStream(is, cipher); }
public static byte[] aesGcmEncrypt(Transformation transformation, byte[] raw, byte[] secret, int atLength, byte[] iv, byte[] aad) throws Exception { BlockCipher blockCipher = new AESEngine(); blockCipher.init(true, new KeyParameter(new SecretKeySpec(secret, "AES").getEncoded())); GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher); aGCMBlockCipher.init(true, new AEADParameters(new KeyParameter(secret), atLength, iv, aad)); int len = aGCMBlockCipher.getOutputSize(raw.length); byte[] out = new byte[len]; int outOff = aGCMBlockCipher.processBytes(raw, 0, raw.length, out, 0); aGCMBlockCipher.doFinal(out, outOff); return out; }
public static byte[] aesGcmDecrypt(Transformation transformation, byte[] encryptedData, byte[] secret, int atLength, byte[] iv, byte[] aad) throws Exception { BlockCipher blockCipher = new AESEngine(); blockCipher.init(false, new KeyParameter(new SecretKeySpec(secret, "AES").getEncoded())); GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher); aGCMBlockCipher.init(false, new AEADParameters(new KeyParameter(secret), atLength, iv, aad)); int len = aGCMBlockCipher.getOutputSize(encryptedData.length); byte[] out = new byte[len]; int outOff = aGCMBlockCipher.processBytes(encryptedData, 0, encryptedData.length, out, 0); aGCMBlockCipher.doFinal(out, outOff); return out; }
public static InputStream setupInputStream(InputStream is, byte[] keyAndIv) { if (keyAndIv != null && keyAndIv.length == 48) { byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(keyAndIv, 0, iv, 0, 16); System.arraycopy(keyAndIv, 16, key, 0, 32); AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(true, new AEADParameters(new KeyParameter(key), 128, iv)); return new CipherInputStream(is, cipher); } else { return is; } }
public static OutputStream setupOutputStream(OutputStream os, String reference) { if (reference != null && reference.length() == 96) { byte[] keyAndIv = hexToBytes(reference); byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(keyAndIv, 0, iv, 0, 16); System.arraycopy(keyAndIv, 16, key, 0, 32); AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(false, new AEADParameters(new KeyParameter(key), 128, iv)); return new CipherOutputStream(os, cipher); } else { return os; } }
public static void main(String[] args) { testMac(new HMac(new SHA1Digest()), new KeyParameter(generateNonce(20)), 3); testMac(new SkeinMac(SkeinMac.SKEIN_512, 128), new KeyParameter(generateNonce(64)), 2); testMac(new SipHash(), new KeyParameter(generateNonce(16)), 1); testMac(new CMac(new AESFastEngine()), new KeyParameter(generateNonce(16)), 3); testMac(new GMac(new GCMBlockCipher(new AESFastEngine())), new ParametersWithIV(new KeyParameter( generateNonce(16)), generateNonce(16)), 5); testMac(new Poly1305(new NullEngine(16)), new ParametersWithIV(generatePoly1305Key(), generateNonce(16)), 1); testMac(new Poly1305(new AESFastEngine()), new ParametersWithIV(generatePoly1305Key(), generateNonce(16)), 1); testMac(new Poly1305Reference(new NullEngine(16)), new ParametersWithIV(generatePoly1305Key(), generateNonce(16)), 1); }
private void testInvalidMacSize(int size) { try { GMac mac = new GMac(new GCMBlockCipher(new AESFastEngine()), size); mac.init(new ParametersWithIV(null, new byte[16])); fail("Expected failure for illegal mac size " + size); } catch (IllegalArgumentException e) { } }
private void outputSizeTests() { byte[] K = new byte[16]; byte[] A = null; byte[] IV = new byte[16]; GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine(), new BasicGCMMultiplier()); AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A); cipher.init(true, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); } if (cipher.getOutputSize(0) != 16) { fail("incorrect getOutputSize for initial 0 bytes encryption"); } cipher.init(false, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); } // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here if (cipher.getOutputSize(0) != 0) { fail("fragile getOutputSize for initial 0 bytes decryption"); } if (cipher.getOutputSize(16) != 0) { fail("incorrect getOutputSize for initial MAC-size bytes decryption"); } }
/** * Retrieve a new instance of the block mode provided * @param blockMode block mode name * @return instance to the block mode */ public static AEADBlockCipher getNewCipher(Mode blockMode) { AESEngine aesEngine = new AESEngine(); switch (blockMode) { case GCM: return new GCMBlockCipher(aesEngine); default: throw new RuntimeException("Block cipher not found"); } }
@Override public byte[] encrypt(byte[] data, byte[] randomKeyBytes) throws IOException, InvalidKeyException, InvalidAlgorithmParameterException, InvalidCipherTextException { AEADBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); cipher.init(true, new AEADParameters(new KeyParameter(randomKeyBytes), 128, randomIvBytes)); return cipherData(cipher, data); }
@Override public byte[] decrypt(byte[] data, byte[] randomKey) throws InvalidKeyException, InvalidAlgorithmParameterException, IOException, IllegalStateException, InvalidCipherTextException { AEADBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); cipher.init(false, new AEADParameters(new KeyParameter(randomKey), 128, randomIvBytes)); return cipherData(cipher, data); }
protected AEADBlockCipher createAEADBlockCipher_AES_GCM() { // TODO Consider allowing custom configuration of multiplier return new GCMBlockCipher(new AESFastEngine()); }
public GMAC() { super(new GMac(new GCMBlockCipher(new RC6Engine()))); }
public GMAC() { super(new GMac(new GCMBlockCipher(new SEEDEngine()))); }
public GMAC() { super(new GMac(new GCMBlockCipher(new TwofishEngine()))); }
public GMAC() { super(new GMac(new GCMBlockCipher(new NoekeonEngine()))); }
public GMAC() { super(new GMac(new GCMBlockCipher(new CamelliaEngine()))); }
public GMAC() { super(new GMac(new GCMBlockCipher(new CAST6Engine()))); }
