List of usage examples for org.bouncycastle.crypto.modes GCMBlockCipher GCMBlockCipher
public GCMBlockCipher(BlockCipher c)
From source file:org.picketlink.json.jose.crypto.AESGCM.java
License:Open Source License
/** * Creates a new AES/GCM/NoPadding cipher. * * @param secretKey The AES key. Must not be {@code null}. * @param forEncryption If {@code true} creates an encryption cipher, else creates a decryption cipher. * @param iv The initialisation vector (IV). Must not be {@code null}. * @param authData The authenticated data. Must not be {@code null}. * * @return The AES/GCM/NoPadding cipher. *//*from w ww . j a v a2 s .co m*/ private static GCMBlockCipher createAESGCMCipher(final SecretKey secretKey, final boolean forEncryption, final byte[] iv, final byte[] authData) { // Initialize AES cipher BlockCipher cipher = AES.createCipher(secretKey, forEncryption); // Create GCM cipher with AES GCMBlockCipher gcm = new GCMBlockCipher(cipher); AEADParameters aeadParams = new AEADParameters(new KeyParameter(secretKey.getEncoded()), AUTH_TAG_BIT_LENGTH, iv, authData); gcm.init(forEncryption, aeadParams); return gcm; }
From source file:org.sfs.encryption.CipherWriteStreamValidation.java
License:Apache License
public CipherWriteStreamValidation(byte[] secretBytes, byte[] salt) { this.salt = salt.clone(); secretBytes = secretBytes.clone();//from www . j a v a2 s.c o m if (secretBytes.length != KEY_SIZE_BYTES) { secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes(); } try { KeyParameter key = new KeyParameter(secretBytes); AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt); this.encryptor = new GCMBlockCipher(new AESFastEngine()); this.encryptor.init(true, params); this.decryptor = new GCMBlockCipher(new AESFastEngine()); this.decryptor.init(false, params); } catch (Exception e) { throw new RuntimeException("could not create cipher for AES256", e); } finally { Arrays.fill(secretBytes, (byte) 0); } }
From source file:org.sfs.encryption.impl.SAES256v01.java
License:Apache License
public SAES256v01(byte[] secretBytes, byte[] salt) { this.salt = salt.clone(); secretBytes = secretBytes.clone();/*from www . j av a 2s .c om*/ if (secretBytes.length != KEY_SIZE_BYTES) { secretBytes = Hashing.sha256().hashBytes(secretBytes).asBytes(); } try { KeyParameter key = new KeyParameter(secretBytes); AEADParameters params = new AEADParameters(key, MAC_SIZE_BITS, this.salt); this.encryptor = new GCMBlockCipher(new AESFastEngine()); this.encryptor.init(true, params); this.decryptor = new GCMBlockCipher(new AESFastEngine()); this.decryptor.init(false, params); } catch (Exception e) { throw new RuntimeException("could not create cipher for AES256", e); } finally { Arrays.fill(secretBytes, (byte) 0); } }
From source file:org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor.java
License:Apache License
@Override public byte[] encrypt(byte[] bytes) { byte[] iv = this.ivGenerator.generateKey(); GCMBlockCipher blockCipher = new GCMBlockCipher(new AESFastEngine()); blockCipher.init(true, new AEADParameters(secretKey, 128, iv, null)); byte[] encrypted = process(blockCipher, bytes); return iv != null ? concatenate(iv, encrypted) : encrypted; }
From source file:org.springframework.security.crypto.encrypt.BouncyCastleAesGcmBytesEncryptor.java
License:Apache License
@Override public byte[] decrypt(byte[] encryptedBytes) { byte[] iv = subArray(encryptedBytes, 0, this.ivGenerator.getKeyLength()); encryptedBytes = subArray(encryptedBytes, this.ivGenerator.getKeyLength(), encryptedBytes.length); GCMBlockCipher blockCipher = new GCMBlockCipher(new AESFastEngine()); blockCipher.init(false, new AEADParameters(secretKey, 128, iv, null)); return process(blockCipher, encryptedBytes); }
From source file:org.syncany.crypto.specs.AesGcmCipherSpec.java
License:Open Source License
@Override public OutputStream newCipherOutputStream(OutputStream underlyingOutputStream, byte[] secretKey, byte[] iv) throws CipherException { AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(true, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv)); return new org.bouncycastle.crypto.io.CipherOutputStream(underlyingOutputStream, cipher); }
From source file:org.syncany.crypto.specs.AesGcmCipherSpec.java
License:Open Source License
@Override public InputStream newCipherInputStream(InputStream underlyingInputStream, byte[] secretKey, byte[] iv) throws CipherException { AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(false, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv)); return new org.bouncycastle.crypto.io.CipherInputStream(underlyingInputStream, cipher); }
From source file:org.syncany.crypto.specs.TwofishGcmCipherSpec.java
License:Open Source License
@Override public OutputStream newCipherOutputStream(OutputStream underlyingOutputStream, byte[] secretKey, byte[] iv) throws CipherException { AEADBlockCipher cipher = new GCMBlockCipher(new TwofishEngine()); cipher.init(true, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv)); return new org.bouncycastle.crypto.io.CipherOutputStream(underlyingOutputStream, cipher); }
From source file:org.syncany.crypto.specs.TwofishGcmCipherSpec.java
License:Open Source License
@Override public InputStream newCipherInputStream(InputStream underlyingInputStream, byte[] secretKey, byte[] iv) throws CipherException { AEADBlockCipher cipher = new GCMBlockCipher(new TwofishEngine()); cipher.init(false, new AEADParameters(new KeyParameter(secretKey), MAC_SIZE, iv)); return new org.bouncycastle.crypto.io.CipherInputStream(underlyingInputStream, cipher); }
From source file:org.syncany.tests.crypto.AesGcmWithBcInputStreamTest.java
License:Open Source License
@Test public void testD_BouncyCastleCipherInputStreamWithAesGcm() throws InvalidKeyException, InvalidAlgorithmParameterException, IOException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException { // Encrypt (not interesting in this example) byte[] randomKey = createRandomArray(16); byte[] randomIv = createRandomArray(16); byte[] originalPlaintext = "Confirm 100$ pay".getBytes("ASCII"); byte[] originalCiphertext = encryptWithAesGcm(originalPlaintext, randomKey, randomIv); // Attack / alter ciphertext (an attacker would do this!) byte[] alteredCiphertext = Arrays.clone(originalCiphertext); alteredCiphertext[8] = (byte) (alteredCiphertext[8] ^ 0x08); // <<< Change 100$ to 900$ // Decrypt with BouncyCastle implementation of CipherInputStream AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine()); cipher.init(false, new AEADParameters(new KeyParameter(randomKey), 128, randomIv)); try {/*from w w w .ja va 2 s . com*/ readFromStream(new org.bouncycastle.crypto.io.CipherInputStream( new ByteArrayInputStream(alteredCiphertext), cipher)); // ^^^^^^^^^^^^^^^ INTERESTING PART ^^^^^^^^^^^^^^^^ // // The BouncyCastle implementation of the CipherInputStream detects MAC verification errors and // throws a InvalidCipherTextIOException if an error occurs. Nice! A more or less minor issue // however is that it is incompatible with the standard JCE Cipher class from the javax.crypto // package. The new interface AEADBlockCipher must be used. The code below is not executed. fail("Test D: org.bouncycastle.crypto.io.CipherInputStream: NOT OK, tampering not detected"); } catch (InvalidCipherTextIOException e) { System.out .println("Test D: org.bouncycastle.crypto.io.CipherInputStream: OK, tampering detected"); } }