/** * Initialises the GMAC - requires a {@link ParametersWithIV} providing a {@link KeyParameter} * and a nonce. */ public void init(final CipherParameters params) throws IllegalArgumentException { if (params instanceof ParametersWithIV) { final ParametersWithIV param = (ParametersWithIV)params; final byte[] iv = param.getIV(); final KeyParameter keyParam = (KeyParameter)param.getParameters(); // GCM is always operated in encrypt mode to calculate MAC cipher.init(true, new AEADParameters(keyParam, macSizeBits, iv)); } else { throw new IllegalArgumentException("GMAC requires ParametersWithIV"); } }
private void runTestCase(String testName, String[] testVector, int macLengthBits, byte[] K) throws InvalidCipherTextException { int pos = 0; byte[] N = Hex.decode(testVector[pos++]); byte[] A = Hex.decode(testVector[pos++]); byte[] P = Hex.decode(testVector[pos++]); byte[] C = Hex.decode(testVector[pos++]); int macLengthBytes = macLengthBits / 8; KeyParameter keyParameter = new KeyParameter(K); AEADParameters parameters = new AEADParameters(keyParameter, macLengthBits, N, A); AEADBlockCipher encCipher = initOCBCipher(true, parameters); AEADBlockCipher decCipher = initOCBCipher(false, parameters); checkTestCase(encCipher, decCipher, testName, macLengthBytes, P, C); checkTestCase(encCipher, decCipher, testName + " (reused)", macLengthBytes, P, C); // Key reuse AEADParameters keyReuseParams = AEADTestUtil.reuseKey(parameters); encCipher.init(true, keyReuseParams); decCipher.init(false, keyReuseParams); checkTestCase(encCipher, decCipher, testName + " (key reuse)", macLengthBytes, P, C); }
private void doEax(byte[] key, byte[] iv, byte[] pt, byte[] aad, int tagLength, byte[] expected) throws InvalidCipherTextException { EAXBlockCipher c = new EAXBlockCipher(new SerpentEngine()); c.init(true, new AEADParameters(new KeyParameter(key), tagLength, iv, aad)); byte[] out = new byte[expected.length]; int len = c.processBytes(pt, 0, pt.length, out, 0); c.doFinal(out, len); if (!Arrays.areEqual(expected, out)) { fail("EAX test failed"); } }
private void runTestCase( GCMMultiplier encM, GCMMultiplier decM, String testName, byte[] K, byte[] IV, byte[] A, byte[] SA, byte[] P, byte[] C, byte[] T) throws InvalidCipherTextException { AEADParameters parameters = new AEADParameters(new KeyParameter(K), T.length * 8, IV, A); GCMBlockCipher encCipher = initCipher(encM, true, parameters); GCMBlockCipher decCipher = initCipher(decM, false, parameters); checkTestCase(encCipher, decCipher, testName, SA, P, C, T); checkTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T); // Key reuse AEADParameters keyReuseParams = AEADTestUtil.reuseKey(parameters); encCipher.init(true, keyReuseParams); decCipher.init(false, keyReuseParams); checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T); }
public SAES256v01(byte[] secretBytes, byte[] salt) { this.salt = salt.clone(); secretBytes = secretBytes.clone(); if (secretBytes.length != KEY_SIZE_BYTES) { secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes(); } try { KeyParameter key = new KeyParameter(secretBytes); AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt); this.encryptor = new GCMBlockCipher(new AESFastEngine()); this.encryptor.init(true, params); this.decryptor = new GCMBlockCipher(new AESFastEngine()); this.decryptor.init(false, params); } catch (Exception e) { throw new RuntimeException("could not create cipher for AES256", e); } finally { Arrays.fill(secretBytes, (byte) 0); } }
public CipherWriteStreamValidation(byte[] secretBytes, byte[] salt) { this.salt = salt.clone(); secretBytes = secretBytes.clone(); if (secretBytes.length != KEY_SIZE_BYTES) { secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes(); } try { KeyParameter key = new KeyParameter(secretBytes); AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt); this.encryptor = new GCMBlockCipher(new AESFastEngine()); this.encryptor.init(true, params); this.decryptor = new GCMBlockCipher(new AESFastEngine()); this.decryptor.init(false, params); } catch (Exception e) { throw new RuntimeException("could not create cipher for AES256", e); } finally { Arrays.fill(secretBytes, (byte) 0); } }
public EAXEncryptStream(byte[] key, byte[] nonce, byte[] associatedData, OutputStream os) { if(key.length != KEY_LENGTH_BYTES) { throw new IllegalArgumentException("key must be " + KEY_LENGTH_BYTES*8 + " bits"); } this.cipher = new EAXBlockCipher(new AESEngine()); this.os = os; keyParameter = new KeyParameter(key); AEADParameters par = new AEADParameters(keyParameter, EAXDecryptStream.MAC_LEN_BITS, nonce, associatedData); cipher.init(true, par); out = new byte[BUFFER_SIZE]; }
public EAXDecryptStream(byte[] key, byte[] nonce, byte[] associatedData, InputStream in) { if(key.length != KEY_LENGTH_BYTES) { throw new IllegalArgumentException("key must be " + KEY_LENGTH_BYTES*8 + " bits"); } this.in = in; this.cipher = new EAXBlockCipher(new AESEngine()); keyParameter = new KeyParameter(key); AEADParameters par = new AEADParameters(keyParameter, MAC_LEN_BITS, nonce, associatedData); cipher.init(false, par); out = new byte[BUFFER_SIZE]; buf = new byte[BUFFER_SIZE]; }
private AesKeyId genKeyId() { try { final GCMBlockCipher gcm = new GCMBlockCipher(new AESFastEngine()); gcm.init(true, new AEADParameters( new KeyParameter(key), 128, KEYID_AD, KEYID_AD)); final byte[] ciphertext = new byte[gcm.getOutputSize(ZERO_BYTES.length)]; final int resp = gcm.processBytes(ZERO_BYTES, 0, ZERO_BYTES.length, ciphertext, 0); gcm.doFinal(ciphertext, resp); return new AesKeyId(ciphertext); } catch (final InvalidCipherTextException e) { // Should be impossible when we're encrypting! throw new RuntimeException( "Unexpected behaviour in crypto libraries", e); } }
public SequenceItem decrypt(final ConverterCatalog r, final AesPacket packet) throws InvalidInputException { final GCMBlockCipher gcm = new GCMBlockCipher(new AESFastEngine()); gcm.init(false, new AEADParameters( new KeyParameter(key), 128, packet.nonce, ZERO_BYTES)); final byte[] newtext = new byte[ gcm.getOutputSize(packet.ciphertext.length)]; final int pp = gcm.processBytes(packet.ciphertext, 0, packet.ciphertext.length, newtext, 0); try { gcm.doFinal(newtext, pp); } catch (final InvalidCipherTextException e) { throw new CryptographyException(e); } return ConvertUtils.fromBytes(r, SequenceItem.class, newtext); }
public static byte[] decrypt(byte[] key, byte[] data) { // TODO utilize GCMAES#decrypt method try { if (data.length < NONCE_LENGTH + TAG_LENGTH) { throw new IllegalArgumentException("data packet too short"); } int cipherTextLength = data.length - NONCE_LENGTH - TAG_LENGTH; byte[] nonce = Arrays.copyOf(data, NONCE_LENGTH); GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), TAG_LENGTH * 8, nonce); cipher.init(false, parameters); byte[] out = new byte[cipher.getOutputSize(cipherTextLength + TAG_LENGTH)]; int pos = cipher.processBytes(data, NONCE_LENGTH, data.length - NONCE_LENGTH, out, 0); pos += cipher.doFinal(out, pos); return Arrays.copyOf(out, pos); } catch (IllegalStateException | InvalidCipherTextException ex) { throw new IllegalArgumentException(ex); } }
private void runTestCase( GCMMultiplier encM, GCMMultiplier decM, String testName, byte[] K, byte[] IV, byte[] A, byte[] SA, byte[] P, byte[] C, byte[] T) throws InvalidCipherTextException { AEADParameters parameters = new AEADParameters(new KeyParameter(K), T.length * 8, IV, A); GCMBlockCipher encCipher = initCipher(encM, true, parameters); GCMBlockCipher decCipher = initCipher(decM, false, parameters); checkTestCase(encCipher, decCipher, testName, SA, P, C, T); checkTestCase(encCipher, decCipher, testName + " (reused)", SA, P, C, T); // Key reuse AEADParameters keyReuseParams = new AEADParameters(null, parameters.getMacSize(), parameters.getNonce(), parameters.getAssociatedText()); encCipher.init(true, keyReuseParams); decCipher.init(false, keyReuseParams); checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T); checkTestCase(encCipher, decCipher, testName + " (key reuse)", SA, P, C, T); }
/** * Given the IV, encrypt the provided data * * @param IV initialization vector * @param message data to be encrypted * @return byte array with the cipher text * @throws RuntimeException */ public byte[] encrypt(final byte[] IV, final byte[] message) throws RuntimeException { AEADParameters aeadParams = new AEADParameters( new KeyParameter(key), TAG_LENGTH, IV, authData); cipher.init(true, aeadParams); byte[] cipherText = newBuffer(cipher.getOutputSize(message.length)); int outputOffset = cipher.processBytes(message, 0, message.length, cipherText, 0); try { cipher.doFinal(cipherText, outputOffset); } catch (InvalidCipherTextException e) { throw new RuntimeException("Error: ", e); } return cipherText; }
/** * Given the IV, decrypt the provided data * * @param IV initialization vector * @param cipherText data to be decrypted * @return byte array with the plain text * @throws RuntimeException */ public byte[] decrypt(byte[] IV, byte[] cipherText) throws RuntimeException { AEADParameters aeadParams = new AEADParameters( new KeyParameter(key), TAG_LENGTH, IV, authData); cipher.init(false, aeadParams); byte[] buffer = newByteArray(cipherText); byte[] plainText = newBuffer(cipher.getOutputSize(cipherText.length)); int outputOffset = cipher.processBytes(buffer, 0, buffer.length, plainText, 0); try { cipher.doFinal(plainText, outputOffset); } catch (InvalidCipherTextException e) { throw new RuntimeException("Error: ", e); } return plainText; }
@Override public void transform(InputStream in, OutputStream out) { try { AEADBlockCipher aeadBlockCipher = createAEADBlockCipher(); AEADParameters aeadParameters = new AEADParameters(new KeyParameter(key.getKey()), Constants.GCM_MAC_SIZE, nonce, nonSecretPayload); aeadBlockCipher.init(true, aeadParameters); // Write nonce as first 4 bytes out.write(this.nonce); try (CipherInputStream cipherInputStream = new CipherInputStream(in, aeadBlockCipher)) { IOUtils.copy(cipherInputStream, out); } } catch (Exception ex) { LOG.error(ex.getMessage(), ex); throw new EncryptorException(ex.getMessage(), ex); } }
@Override public void transform(InputStream in, OutputStream out) { try { AEADBlockCipher aeadBlockCipher = createAEADBlockCipher(); // Read the first 4 bytes as they contains nonce byte[] nonce = new byte[4]; int bytesRead = in.read(nonce); if (bytesRead < 4) { throw new RuntimeException("Failed to read nonce! Bytes read=" + bytesRead); } AEADParameters aeadParameters = new AEADParameters(new KeyParameter(key.getKey()), Constants.GCM_MAC_SIZE, nonce, nonSecretPayload); aeadBlockCipher.init(false, aeadParameters); try (CipherOutputStream cipherOutputStream = new CipherOutputStream(out, aeadBlockCipher)) { IOUtils.copy(in, cipherOutputStream); } } catch (IOException ex) { LOG.error(ex.getMessage(), ex); throw new EncryptorException(ex.getMessage(), ex); } }
protected void init(boolean encryption, PlainFileKey fileKey) throws IllegalArgumentException { byte[] key = CryptoUtils.stringToByteArray(fileKey.getKey()); byte[] iv = CryptoUtils.stringToByteArray(fileKey.getIv()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), 8 * TAG_SIZE, iv); realCipher = new GCMBlockCipher(new AESFastEngine()); realCipher.init(encryption, parameters); }
private void outputSizeTests() { byte[] K = new byte[16]; byte[] A = null; byte[] IV = new byte[15]; AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A); AEADBlockCipher cipher = initOCBCipher(true, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); } if (cipher.getOutputSize(0) != 16) { fail("incorrect getOutputSize for initial 0 bytes encryption"); } cipher.init(false, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); } // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here if (cipher.getOutputSize(0) != 0) { fail("fragile getOutputSize for initial 0 bytes decryption"); } if (cipher.getOutputSize(16) != 0) { fail("incorrect getOutputSize for initial MAC-size bytes decryption"); } }
private void outputSizeTests() { byte[] K = new byte[16]; byte[] A = null; byte[] IV = new byte[16]; AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A); GCMBlockCipher cipher = initCipher(null, true, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); } if (cipher.getOutputSize(0) != 16) { fail("incorrect getOutputSize for initial 0 bytes encryption"); } cipher.init(false, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); } // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here if (cipher.getOutputSize(0) != 0) { fail("fragile getOutputSize for initial 0 bytes decryption"); } if (cipher.getOutputSize(16) != 0) { fail("incorrect getOutputSize for initial MAC-size bytes decryption"); } }
private void randomTest( SecureRandom srng) throws InvalidCipherTextException { int DAT_LEN = srng.nextInt() >>> 22; // Note: JDK1.0 compatibility byte[] nonce = new byte[NONCE_LEN]; byte[] authen = new byte[AUTHEN_LEN]; byte[] datIn = new byte[DAT_LEN]; byte[] key = new byte[16]; srng.nextBytes(nonce); srng.nextBytes(authen); srng.nextBytes(datIn); srng.nextBytes(key); AESFastEngine engine = new AESFastEngine(); KeyParameter sessKey = new KeyParameter(key); EAXBlockCipher eaxCipher = new EAXBlockCipher(engine); AEADParameters params = new AEADParameters(sessKey, MAC_LEN * 8, nonce, authen); eaxCipher.init(true, params); byte[] intrDat = new byte[eaxCipher.getOutputSize(datIn.length)]; int outOff = eaxCipher.processBytes(datIn, 0, DAT_LEN, intrDat, 0); outOff += eaxCipher.doFinal(intrDat, outOff); eaxCipher.init(false, params); byte[] datOut = new byte[eaxCipher.getOutputSize(outOff)]; int resultLen = eaxCipher.processBytes(intrDat, 0, outOff, datOut, 0); eaxCipher.doFinal(datOut, resultLen); if (!areEqual(datIn, datOut)) { fail("EAX roundtrip failed to match"); } }
public static final byte[] encrypt(byte[] data) throws Exception { EAXBlockCipher cipher = new EAXBlockCipher(new AESEngine()); byte[] nonce = new byte[NONCE_SIZE_BYTES]; new SecureRandom().nextBytes(nonce); byte[] key = generateKey(); KeyParameter kp = new KeyParameter(key); try { AEADParameters par = new AEADParameters(kp, MAC_SIZE_BITS, nonce, ZERO_BYTE_ARRAY); cipher.init(true, par); int sz = cipher.getOutputSize(data.length); byte[] out = new byte[NONCE_SIZE_BYTES + sz]; System.arraycopy(nonce, 0, out, 0, NONCE_SIZE_BYTES); int off = NONCE_SIZE_BYTES; off += cipher.processBytes(data, 0, data.length, out, off); cipher.doFinal(out, off); return out; } finally { Crypto.zero(kp); Crypto.zero(key); } }
public static final byte[] decrypt(byte[] data) throws Exception { EAXBlockCipher cipher = new EAXBlockCipher(new AESEngine()); byte[] nonce = new byte[NONCE_SIZE_BYTES]; System.arraycopy(data, 0, nonce, 0, NONCE_SIZE_BYTES); byte[] key = generateKey(); KeyParameter kp = new KeyParameter(key); try { AEADParameters par = new AEADParameters(kp, MAC_SIZE_BITS, nonce, ZERO_BYTE_ARRAY); cipher.init(false, par); int sz = cipher.getOutputSize(data.length - NONCE_SIZE_BYTES); byte[] out = new byte[sz]; int off = cipher.processBytes(data, NONCE_SIZE_BYTES, data.length - NONCE_SIZE_BYTES, out, 0); cipher.doFinal(out, off); return out; } finally { Crypto.zero(kp); Crypto.zero(key); } }
public AesPacket encrypt(final SequenceItem message) { final byte[] nonce = Ec.randomBytes(12); final GCMBlockCipher gcm = new GCMBlockCipher(new AESFastEngine()); gcm.init(true, new AEADParameters( new KeyParameter(key), 128, nonce, ZERO_BYTES)); final byte[] plaintext = ConvertUtils.toBytes(message); final byte[] ciphertext = new byte[gcm.getOutputSize(plaintext.length)]; final int resp = gcm.processBytes(plaintext, 0, plaintext.length, ciphertext, 0); try { gcm.doFinal(ciphertext, resp); } catch (final InvalidCipherTextException e) { // Should be impossible when we're encrypting! throw new RuntimeException( "Unexpected behaviour in crypto libraries", e); } return new AesPacket(getKeyId(), nonce, ciphertext); }
/** * Returns decrypted data. * * @param key * @param nonce nonce/ IV * @param header * @param encryptedData * @param tag * @param optional optional AADBytes (post header) * @return decrypted data * @throws IllegalArgumentException on decryption exceptions * @throws NullPointerException on null arguments */ public static byte[] decrypt( byte[] key, byte[] nonce, byte[] header, byte[] encryptedData, byte[] tag, Optional<byte[]> optional) { try { GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(key), tag.length * 8, nonce, header); cipher.init(false, parameters); if (optional.isPresent()) { byte[] aadBytes = optional.get(); cipher.processAADBytes(aadBytes, 0, aadBytes.length); } byte[] out = new byte[cipher.getOutputSize(encryptedData.length + tag.length)]; int pos = cipher.processBytes(encryptedData, 0, encryptedData.length, out, 0); pos += cipher.processBytes(tag, 0, tag.length, out, pos); pos += cipher.doFinal(out, pos); return Arrays.copyOf(out, pos); } catch (IllegalStateException | InvalidCipherTextException | RuntimeCryptoException ex) { throw new IllegalStateException("GCM decrypt error", ex); } }
public CipherOutputStream newCipherOutputStream(OutputStream os, byte[] password) throws IOException { byte[] salt = randomBytes(saltLength); byte[] nonce = randomBytes(nonceLength); os.write(salt); os.write(nonce); byte[] dk = kdf.apply(password, salt); GCMBlockCipher cipher = new GCMBlockCipher(new AESEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(dk), tagLength * 8, nonce); cipher.init(true, parameters); return new CipherOutputStream(os, cipher); }
public CipherInputStream newCipherInputStream(InputStream is, byte[] password) throws IOException { byte[] salt = IOUtils.readFully(is, saltLength); byte[] nonce = IOUtils.readFully(is, nonceLength); byte[] dk = kdf.apply(password, salt); GCMBlockCipher cipher = new GCMBlockCipher(new AESEngine()); AEADParameters parameters = new AEADParameters(new KeyParameter(dk), tagLength * 8, nonce); cipher.init(false, parameters); return new CipherInputStream(is, cipher); }
public static byte[] aesGcmEncrypt(Transformation transformation, byte[] raw, byte[] secret, int atLength, byte[] iv, byte[] aad) throws Exception { BlockCipher blockCipher = new AESEngine(); blockCipher.init(true, new KeyParameter(new SecretKeySpec(secret, "AES").getEncoded())); GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher); aGCMBlockCipher.init(true, new AEADParameters(new KeyParameter(secret), atLength, iv, aad)); int len = aGCMBlockCipher.getOutputSize(raw.length); byte[] out = new byte[len]; int outOff = aGCMBlockCipher.processBytes(raw, 0, raw.length, out, 0); aGCMBlockCipher.doFinal(out, outOff); return out; }
public static byte[] aesGcmDecrypt(Transformation transformation, byte[] encryptedData, byte[] secret, int atLength, byte[] iv, byte[] aad) throws Exception { BlockCipher blockCipher = new AESEngine(); blockCipher.init(false, new KeyParameter(new SecretKeySpec(secret, "AES").getEncoded())); GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher); aGCMBlockCipher.init(false, new AEADParameters(new KeyParameter(secret), atLength, iv, aad)); int len = aGCMBlockCipher.getOutputSize(encryptedData.length); byte[] out = new byte[len]; int outOff = aGCMBlockCipher.processBytes(encryptedData, 0, encryptedData.length, out, 0); aGCMBlockCipher.doFinal(out, outOff); return out; }
public static InputStream setupInputStream(InputStream is, byte[] keyAndIv) { if (keyAndIv != null && keyAndIv.length == 48) { byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(keyAndIv, 0, iv, 0, 16); System.arraycopy(keyAndIv, 16, key, 0, 32); AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(true, new AEADParameters(new KeyParameter(key), 128, iv)); return new CipherInputStream(is, cipher); } else { return is; } }
public static OutputStream setupOutputStream(OutputStream os, String reference) { if (reference != null && reference.length() == 96) { byte[] keyAndIv = hexToBytes(reference); byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(keyAndIv, 0, iv, 0, 16); System.arraycopy(keyAndIv, 16, key, 0, 32); AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(false, new AEADParameters(new KeyParameter(key), 128, iv)); return new CipherOutputStream(os, cipher); } else { return os; } }
private void runTestCase(String testName, String[] testVector, int macLengthBits) throws InvalidCipherTextException { byte[] key = Hex.decode(K); byte[] nonce = Hex.decode(N); int pos = 0; byte[] A = Hex.decode(testVector[pos++]); byte[] P = Hex.decode(testVector[pos++]); byte[] C = Hex.decode(testVector[pos++]); int macLengthBytes = macLengthBits / 8; // TODO Variations processing AAD and cipher bytes incrementally KeyParameter keyParameter = new KeyParameter(key); AEADParameters aeadParameters = new AEADParameters(keyParameter, macLengthBits, nonce, A); OCBBlockCipher encCipher = initCipher(true, aeadParameters); OCBBlockCipher decCipher = initCipher(false, aeadParameters); checkTestCase(encCipher, decCipher, testName, macLengthBytes, P, C); checkTestCase(encCipher, decCipher, testName + " (reused)", macLengthBytes, P, C); // TODO Key reuse }
private void outputSizeTests() { byte[] K = new byte[16]; byte[] A = null; byte[] IV = new byte[16]; GCMBlockCipher cipher = new GCMBlockCipher(new AESFastEngine(), new BasicGCMMultiplier()); AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A); cipher.init(true, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); } if (cipher.getOutputSize(0) != 16) { fail("incorrect getOutputSize for initial 0 bytes encryption"); } cipher.init(false, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); } // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here if (cipher.getOutputSize(0) != 0) { fail("fragile getOutputSize for initial 0 bytes decryption"); } if (cipher.getOutputSize(16) != 0) { fail("incorrect getOutputSize for initial MAC-size bytes decryption"); } }