private void runTestCase(String testName, String[] testVector, int macLengthBits, byte[] K) throws InvalidCipherTextException { int pos = 0; byte[] N = Hex.decode(testVector[pos++]); byte[] A = Hex.decode(testVector[pos++]); byte[] P = Hex.decode(testVector[pos++]); byte[] C = Hex.decode(testVector[pos++]); int macLengthBytes = macLengthBits / 8; KeyParameter keyParameter = new KeyParameter(K); AEADParameters parameters = new AEADParameters(keyParameter, macLengthBits, N, A); AEADBlockCipher encCipher = initOCBCipher(true, parameters); AEADBlockCipher decCipher = initOCBCipher(false, parameters); checkTestCase(encCipher, decCipher, testName, macLengthBytes, P, C); checkTestCase(encCipher, decCipher, testName + " (reused)", macLengthBytes, P, C); // Key reuse AEADParameters keyReuseParams = AEADTestUtil.reuseKey(parameters); encCipher.init(true, keyReuseParams); decCipher.init(false, keyReuseParams); checkTestCase(encCipher, decCipher, testName + " (key reuse)", macLengthBytes, P, C); }
public static void testReset(Test test, AEADBlockCipher cipher1, AEADBlockCipher cipher2, CipherParameters params) throws InvalidCipherTextException { cipher1.init(true, params); byte[] plaintext = new byte[1000]; byte[] ciphertext = new byte[cipher1.getOutputSize(plaintext.length)]; // Establish baseline answer crypt(cipher1, plaintext, ciphertext); // Test encryption resets checkReset(test, cipher1, params, true, plaintext, ciphertext); // Test decryption resets with fresh instance cipher2.init(false, params); checkReset(test, cipher2, params, false, ciphertext, plaintext); }
private void testMode(Object cipher, CipherParameters params) throws Exception { testWriteRead(cipher, params, false); testWriteRead(cipher, params, true); testReadWrite(cipher, params, false); testReadWrite(cipher, params, true); if (!(cipher instanceof CTSBlockCipher || cipher instanceof NISTCTSBlockCipher)) { testWriteReadEmpty(cipher, params, false); testWriteReadEmpty(cipher, params, true); } if (cipher instanceof AEADBlockCipher) { testTamperedRead((AEADBlockCipher)cipher, params); testTruncatedRead((AEADBlockCipher)cipher, params); testTamperedWrite((AEADBlockCipher)cipher, params); } }
private InputStream createCipherInputStream(byte[] data, Object cipher) { ByteArrayInputStream input = new ByteArrayInputStream(data); if (cipher instanceof BufferedBlockCipher) { return new CipherInputStream(input, (BufferedBlockCipher)cipher); } else if (cipher instanceof AEADBlockCipher) { return new CipherInputStream(input, (AEADBlockCipher)cipher); } else { return new CipherInputStream(input, (StreamCipher)cipher); } }
private String getName(Object cipher) { if (cipher instanceof BufferedBlockCipher) { return ((BufferedBlockCipher)cipher).getUnderlyingCipher().getAlgorithmName(); } else if (cipher instanceof AEADBlockCipher) { return ((AEADBlockCipher)cipher).getUnderlyingCipher().getAlgorithmName(); } else if (cipher instanceof StreamCipher) { return ((StreamCipher)cipher).getAlgorithmName(); } return null; }
private int getBlockSize(Object cipher) { if (cipher instanceof BlockCipher) { return ((BlockCipher)cipher).getBlockSize(); } else if (cipher instanceof BufferedBlockCipher) { return ((BufferedBlockCipher)cipher).getBlockSize(); } else if (cipher instanceof AEADBlockCipher) { return ((AEADBlockCipher)cipher).getUnderlyingCipher().getBlockSize(); } else if (cipher instanceof StreamCipher) { return 1; } return 0; }
@Override public void transform(InputStream in, OutputStream out) { try { AEADBlockCipher aeadBlockCipher = createAEADBlockCipher(); AEADParameters aeadParameters = new AEADParameters(new KeyParameter(key.getKey()), Constants.GCM_MAC_SIZE, nonce, nonSecretPayload); aeadBlockCipher.init(true, aeadParameters); // Write nonce as first 4 bytes out.write(this.nonce); try (CipherInputStream cipherInputStream = new CipherInputStream(in, aeadBlockCipher)) { IOUtils.copy(cipherInputStream, out); } } catch (Exception ex) { LOG.error(ex.getMessage(), ex); throw new EncryptorException(ex.getMessage(), ex); } }
@Override public void transform(InputStream in, OutputStream out) { try { AEADBlockCipher aeadBlockCipher = createAEADBlockCipher(); // Read the first 4 bytes as they contains nonce byte[] nonce = new byte[4]; int bytesRead = in.read(nonce); if (bytesRead < 4) { throw new RuntimeException("Failed to read nonce! Bytes read=" + bytesRead); } AEADParameters aeadParameters = new AEADParameters(new KeyParameter(key.getKey()), Constants.GCM_MAC_SIZE, nonce, nonSecretPayload); aeadBlockCipher.init(false, aeadParameters); try (CipherOutputStream cipherOutputStream = new CipherOutputStream(out, aeadBlockCipher)) { IOUtils.copy(in, cipherOutputStream); } } catch (IOException ex) { LOG.error(ex.getMessage(), ex); throw new EncryptorException(ex.getMessage(), ex); } }
/** * Constructs a CipherInputStream from an InputStream and an AEADBlockCipher. */ public CipherInputStream( InputStream is, AEADBlockCipher cipher) { this(is, cipher, INPUT_BUF_SIZE); }
/** * Constructs a CipherInputStream from an InputStream, an AEADBlockCipher, and a specified internal buffer size. */ public CipherInputStream( InputStream is, AEADBlockCipher cipher, int bufSize) { super(is); this.aeadBlockCipher = cipher; this.inBuf = new byte[bufSize]; this.skippingCipher = (cipher instanceof SkippingCipher) ? (SkippingCipher)cipher : null; }
private int updateCiphers(AEADBlockCipher c1, AEADBlockCipher c2, byte[] S, int i, boolean includeAAD, boolean includePlaintext) throws InvalidCipherTextException { int inputLen = includePlaintext ? i : 0; int outputLen = c2.getOutputSize(inputLen); byte[] output = new byte[outputLen]; int len = 0; if (includeAAD) { c2.processAADBytes(S, 0, i); } if (includePlaintext) { len += c2.processBytes(S, 0, i, output, len); } len += c2.doFinal(output, len); c1.processAADBytes(output, 0, len); return len; }
private void outputSizeTests() { byte[] K = new byte[16]; byte[] A = null; byte[] IV = new byte[15]; AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, IV, A); AEADBlockCipher cipher = initOCBCipher(true, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes encryption"); } if (cipher.getOutputSize(0) != 16) { fail("incorrect getOutputSize for initial 0 bytes encryption"); } cipher.init(false, parameters); if (cipher.getUpdateOutputSize(0) != 0) { fail("incorrect getUpdateOutputSize for initial 0 bytes decryption"); } // NOTE: 0 bytes would be truncated data, but we want it to fail in the doFinal, not here if (cipher.getOutputSize(0) != 0) { fail("fragile getOutputSize for initial 0 bytes decryption"); } if (cipher.getOutputSize(16) != 0) { fail("incorrect getOutputSize for initial MAC-size bytes decryption"); } }
private OutputStream createCipherOutputStream(OutputStream output, Object cipher) { if (cipher instanceof BufferedBlockCipher) { return new CipherOutputStream(output, (BufferedBlockCipher)cipher); } else if (cipher instanceof AEADBlockCipher) { return new CipherOutputStream(output, (AEADBlockCipher)cipher); } else { return new CipherOutputStream(output, (StreamCipher)cipher); } }
/** * Test tampering of ciphertext followed by write to decrypting CipherOutputStream */ private void testTamperedWrite(AEADBlockCipher cipher, CipherParameters params) throws Exception { cipher.init(true, params); byte[] ciphertext = new byte[cipher.getOutputSize(streamSize)]; cipher.doFinal(ciphertext, cipher.processBytes(new byte[streamSize], 0, streamSize, ciphertext, 0)); // Tamper ciphertext[0] += 1; cipher.init(false, params); ByteArrayOutputStream plaintext = new ByteArrayOutputStream(); OutputStream output = createCipherOutputStream(plaintext, cipher); for (int i = 0; i < ciphertext.length; i++) { output.write(ciphertext[i]); } try { output.close(); fail("Expected invalid ciphertext after tamper and write : " + cipher.getAlgorithmName()); } catch (InvalidCipherTextIOException e) { // Expected } }
private void init(Object cipher, boolean forEncrypt, CipherParameters params) { if (cipher instanceof BufferedBlockCipher) { ((BufferedBlockCipher)cipher).init(forEncrypt, params); } else if (cipher instanceof AEADBlockCipher) { ((AEADBlockCipher)cipher).init(forEncrypt, params); } else if (cipher instanceof StreamCipher) { ((StreamCipher)cipher).init(forEncrypt, params); } }
/** * Constructs a CipherInputStream from an InputStream and an AEADBlockCipher. */ public CipherInputStream(InputStream is, AEADBlockCipher cipher) { super(is); this.aeadBlockCipher = cipher; int outSize = cipher.getOutputSize(INPUT_BUF_SIZE); buf = new byte[(outSize > INPUT_BUF_SIZE) ? outSize : INPUT_BUF_SIZE]; inBuf = new byte[INPUT_BUF_SIZE]; }
protected BaseBlockCipher( AEADBlockCipher engine) { baseEngine = engine.getUnderlyingCipher(); ivLength = baseEngine.getBlockSize(); cipher = new AEADGenericBlockCipher(engine); }
protected BaseBlockCipher( AEADBlockCipher engine, boolean fixedIv, int ivLength) { this.baseEngine = engine.getUnderlyingCipher(); this.fixedIv = fixedIv; this.ivLength = ivLength; this.cipher = new AEADGenericBlockCipher(engine); }
private AEADBlockCipher createAEADBlockCipherMode(final String modeName, final BlockCipher engine) { final Class<? extends AEADBlockCipher> modeClass = modeName2aeadBlockCipherModeClass.get(modeName); if (modeClass == null) return null; try { final Constructor<? extends AEADBlockCipher> c = modeClass.getConstructor(BlockCipher.class); return c.newInstance(engine); } catch (final Exception e) { throw new RuntimeException(e); } }
private Cipher createCipherForBlockCipherMode(final String transformation, final AEADBlockCipher modeWithEngine, final String engineName, final String modeName, final String paddingName) throws NoSuchPaddingException { if (paddingName.isEmpty() || "NOPADDING".equals(paddingName)) return new AEADBlockCipherImpl(transformation, modeWithEngine); throw new NoSuchPaddingException("The AEAD-mode \"" + modeName + "\" does not support the padding \"" + paddingName + "\"! Padding must be \"NoPadding\" or an empty string!"); }
public static InputStream setupInputStream(InputStream is, byte[] keyAndIv) { if (keyAndIv != null && keyAndIv.length == 48) { byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(keyAndIv, 0, iv, 0, 16); System.arraycopy(keyAndIv, 16, key, 0, 32); AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(true, new AEADParameters(new KeyParameter(key), 128, iv)); return new CipherInputStream(is, cipher); } else { return is; } }
public static OutputStream setupOutputStream(OutputStream os, String reference) { if (reference != null && reference.length() == 96) { byte[] keyAndIv = hexToBytes(reference); byte[] key = new byte[32]; byte[] iv = new byte[16]; System.arraycopy(keyAndIv, 0, iv, 0, 16); System.arraycopy(keyAndIv, 16, key, 0, 32); AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(false, new AEADParameters(new KeyParameter(key), 128, iv)); return new CipherOutputStream(os, cipher); } else { return os; } }
/** * Constructs a CipherInputStream from an InputStream and an AEADBlockCipher. */ public CipherInputStream(InputStream is, AEADBlockCipher cipher) { super(is); this.aeadBlockCipher = cipher; buf = new byte[cipher.getOutputSize(INPUT_BUF_SIZE)]; inBuf = new byte[INPUT_BUF_SIZE]; }
/** * Retrieve a new instance of the block mode provided * @param blockMode block mode name * @return instance to the block mode */ public static AEADBlockCipher getNewCipher(Mode blockMode) { AESEngine aesEngine = new AESEngine(); switch (blockMode) { case GCM: return new GCMBlockCipher(aesEngine); default: throw new RuntimeException("Block cipher not found"); } }
@Override public byte[] encrypt(byte[] data, byte[] randomKeyBytes) throws IOException, InvalidKeyException, InvalidAlgorithmParameterException, InvalidCipherTextException { AEADBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); cipher.init(true, new AEADParameters(new KeyParameter(randomKeyBytes), 128, randomIvBytes)); return cipherData(cipher, data); }
private static byte[] cipherData(AEADBlockCipher cipher, byte[] data) throws IllegalStateException, InvalidCipherTextException { int minSize = cipher.getOutputSize(data.length); byte[] outBuf = new byte[minSize]; int length1 = cipher.processBytes(data, 0, data.length, outBuf, 0); int length2 = cipher.doFinal(outBuf, length1); int actualLength = length1 + length2; if (actualLength == minSize) { return outBuf; } else { return Arrays.copyOf(outBuf, actualLength); } }
@Override public byte[] decrypt(byte[] data, byte[] randomKey) throws InvalidKeyException, InvalidAlgorithmParameterException, IOException, IllegalStateException, InvalidCipherTextException { AEADBlockCipher cipher = new GCMBlockCipher(new AESFastEngine()); cipher.init(false, new AEADParameters(new KeyParameter(randomKey), 128, randomIvBytes)); return cipherData(cipher, data); }
protected AEADBlockCipher createAEADBlockCipher_AES_GCM() { // TODO Consider allowing custom configuration of multiplier return new GCMBlockCipher(new AESFastEngine()); }
public TlsAEADCipher(TlsContext context, AEADBlockCipher clientWriteCipher, AEADBlockCipher serverWriteCipher, int cipherKeySize, int macSize) throws IOException { if (!ProtocolVersion.TLSv12.isEqualOrEarlierVersionOf(context.getServerVersion().getEquivalentTLSVersion())) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.context = context; this.macSize = macSize; // NOTE: Valid for RFC 5288 ciphers but may need review for other AEAD ciphers this.nonce_explicit_length = 8; // TODO SecurityParameters.fixed_iv_length int fixed_iv_length = 4; int key_block_size = (2 * cipherKeySize) + (2 * fixed_iv_length); byte[] key_block = TlsUtils.calculateKeyBlock(context, key_block_size); int offset = 0; KeyParameter client_write_key = new KeyParameter(key_block, offset, cipherKeySize); offset += cipherKeySize; KeyParameter server_write_key = new KeyParameter(key_block, offset, cipherKeySize); offset += cipherKeySize; byte[] client_write_IV = Arrays.copyOfRange(key_block, offset, offset + fixed_iv_length); offset += fixed_iv_length; byte[] server_write_IV = Arrays.copyOfRange(key_block, offset, offset + fixed_iv_length); offset += fixed_iv_length; if (offset != key_block_size) { throw new TlsFatalAlert(AlertDescription.internal_error); } KeyParameter encryptKey, decryptKey; if (context.isServer()) { this.encryptCipher = serverWriteCipher; this.decryptCipher = clientWriteCipher; this.encryptImplicitNonce = server_write_IV; this.decryptImplicitNonce = client_write_IV; encryptKey = server_write_key; decryptKey = client_write_key; } else { this.encryptCipher = clientWriteCipher; this.decryptCipher = serverWriteCipher; this.encryptImplicitNonce = client_write_IV; this.decryptImplicitNonce = server_write_IV; encryptKey = client_write_key; decryptKey = server_write_key; } byte[] dummyNonce = new byte[fixed_iv_length + nonce_explicit_length]; this.encryptCipher.init(true, new AEADParameters(encryptKey, 8 * macSize, dummyNonce)); this.decryptCipher.init(false, new AEADParameters(decryptKey, 8 * macSize, dummyNonce)); }
AEADGenericBlockCipher(AEADBlockCipher cipher) { this.cipher = cipher; }
protected AEADBlockCipher createAEADBlockCipher_AES_CCM() { return new CCMBlockCipher(createAESEngine()); }
