List of usage examples for org.bouncycastle.crypto.params AEADParameters getMacSize
public int getMacSize()
From source file:freenet.crypt.OCBBlockCipher_v149.java
License:Open Source License
public void init(boolean forEncryption, CipherParameters parameters) throws IllegalArgumentException { this.forEncryption = forEncryption; this.macBlock = null; KeyParameter keyParameter;/* www. ja v a 2 s .c o m*/ byte[] N; if (parameters instanceof AEADParameters) { AEADParameters aeadParameters = (AEADParameters) parameters; N = aeadParameters.getNonce(); initialAssociatedText = aeadParameters.getAssociatedText(); int macSizeBits = aeadParameters.getMacSize(); if (macSizeBits < 64 || macSizeBits > 128 || macSizeBits % 8 != 0) { throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits); } macSize = macSizeBits / 8; keyParameter = aeadParameters.getKey(); } else if (parameters instanceof ParametersWithIV) { ParametersWithIV parametersWithIV = (ParametersWithIV) parameters; N = parametersWithIV.getIV(); initialAssociatedText = null; macSize = 16; keyParameter = (KeyParameter) parametersWithIV.getParameters(); } else { throw new IllegalArgumentException("invalid parameters passed to OCB"); } this.hashBlock = new byte[16]; this.mainBlock = new byte[forEncryption ? BLOCK_SIZE : (BLOCK_SIZE + macSize)]; if (N == null) { N = new byte[0]; } /* * TODO There's currently a thread on CFRG * (http://www.ietf.org/mail-archive/web/cfrg/current/msg03433.html) debating including * (macSize % 128) in the nonce, in which case this test becomes simpler: */ // if (N.length > 15) // { // throw new IllegalArgumentException("IV must be no more than 120 bits"); // } if (N.length > 16 || (N.length == 16 && (N[0] & 0x80) != 0)) { /* * NOTE: We don't just ignore bit 128 because it would hide from the caller the fact * that two nonces differing only in bit 128 are not different. */ throw new IllegalArgumentException("IV must be no more than 127 bits"); } /* * KEY-DEPENDENT INITIALISATION */ if (keyParameter == null) { // TODO If 'keyParameter' is null we're re-using the last key. } // hashCipher always used in forward mode hashCipher.init(true, keyParameter); mainCipher.init(forEncryption, keyParameter); this.L_Asterisk = new byte[16]; hashCipher.processBlock(L_Asterisk, 0, L_Asterisk, 0); this.L_Dollar = OCB_double(L_Asterisk); this.L = new Vector(); this.L.addElement(OCB_double(L_Dollar)); /* * NONCE-DEPENDENT AND PER-ENCRYPTION/DECRYPTION INITIALISATION */ byte[] nonce = new byte[16]; System.arraycopy(N, 0, nonce, nonce.length - N.length, N.length); /* * TODO There's currently a thread on CFRG * (http://www.ietf.org/mail-archive/web/cfrg/current/msg03433.html) debating including * (macSize % 128) in the nonce, in which case this code becomes simpler: */ // nonce[0] = (byte)(macSize << 4); // nonce[15 - N.length] |= 1; if (N.length == 16) { nonce[0] &= 0x80; } else { nonce[15 - N.length] = 1; } int bottom = nonce[15] & 0x3F; // System.out.println("bottom: " + bottom); byte[] Ktop = new byte[16]; nonce[15] &= 0xC0; hashCipher.processBlock(nonce, 0, Ktop, 0); byte[] Stretch = new byte[24]; System.arraycopy(Ktop, 0, Stretch, 0, 16); for (int i = 0; i < 8; ++i) { Stretch[16 + i] = (byte) (Ktop[i] ^ Ktop[i + 1]); } this.OffsetMAIN_0 = new byte[16]; int bits = bottom % 8, bytes = bottom / 8; if (bits == 0) { System.arraycopy(Stretch, bytes, OffsetMAIN_0, 0, 16); } else { for (int i = 0; i < 16; ++i) { int b1 = Stretch[bytes] & 0xff; int b2 = Stretch[++bytes] & 0xff; this.OffsetMAIN_0[i] = (byte) ((b1 << bits) | (b2 >>> (8 - bits))); } } this.hashBlockPos = 0; this.mainBlockPos = 0; this.hashBlockCount = 0; this.mainBlockCount = 0; this.OffsetHASH = new byte[16]; this.Sum = new byte[16]; this.OffsetMAIN = Arrays.clone(this.OffsetMAIN_0); this.Checksum = new byte[16]; if (initialAssociatedText != null) { processAADBytes(initialAssociatedText, 0, initialAssociatedText.length); } }
From source file:org.xdi.oxauth.model.jwe.JweEncrypterImpl.java
License:MIT License
@Override public Pair<String, String> generateCipherTextAndIntegrityValue(byte[] contentMasterKey, byte[] initializationVector, byte[] additionalAuthenticatedData, byte[] plainText) throws InvalidJweException { if (getBlockEncryptionAlgorithm() == null) { throw new InvalidJweException("The block encryption algorithm is null"); }/*from w ww . ja v a2 s .co m*/ if (contentMasterKey == null) { throw new InvalidJweException("The content master key (CMK) is null"); } if (initializationVector == null) { throw new InvalidJweException("The initialization vector is null"); } if (additionalAuthenticatedData == null) { throw new InvalidJweException("The additional authentication data is null"); } if (plainText == null) { throw new InvalidJweException("The plain text to encrypt is null"); } try { if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128GCM || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256GCM) { SecretKey secretKey = new SecretKeySpec(contentMasterKey, "AES"); KeyParameter key = new KeyParameter(contentMasterKey); final int MAC_SIZE_BITS = 128; AEADParameters aeadParameters = new AEADParameters(key, MAC_SIZE_BITS, initializationVector, additionalAuthenticatedData); final int macSize = aeadParameters.getMacSize() / 8; BlockCipher blockCipher = new AESEngine(); CipherParameters params = new KeyParameter(secretKey.getEncoded()); blockCipher.init(true, params); GCMBlockCipher aGCMBlockCipher = new GCMBlockCipher(blockCipher); aGCMBlockCipher.init(true, aeadParameters); int len = aGCMBlockCipher.getOutputSize(plainText.length); byte[] out = new byte[len]; int outOff = aGCMBlockCipher.processBytes(plainText, 0, plainText.length, out, 0); outOff += aGCMBlockCipher.doFinal(out, outOff); byte[] cipherText = new byte[outOff - macSize]; System.arraycopy(out, 0, cipherText, 0, cipherText.length); byte[] authenticationTag = new byte[macSize]; System.arraycopy(out, outOff - macSize, authenticationTag, 0, authenticationTag.length); String encodedCipherText = Base64Util.base64urlencode(cipherText); String encodedAuthenticationTag = Base64Util.base64urlencode(authenticationTag); return new Pair<String, String>(encodedCipherText, encodedAuthenticationTag); } else if (getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A128CBC_PLUS_HS256 || getBlockEncryptionAlgorithm() == BlockEncryptionAlgorithm.A256CBC_PLUS_HS512) { byte[] cek = KeyDerivationFunction.generateCek(contentMasterKey, getBlockEncryptionAlgorithm()); IvParameterSpec parameters = new IvParameterSpec(initializationVector); Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm(), "BC"); //Cipher cipher = Cipher.getInstance(getBlockEncryptionAlgorithm().getAlgorithm()); SecretKeySpec secretKeySpec = new SecretKeySpec(cek, "AES"); cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, parameters); byte[] cipherText = cipher.doFinal(plainText); String encodedCipherText = Base64Util.base64urlencode(cipherText); String securedInputValue = new String(additionalAuthenticatedData, Charset.forName(Util.UTF8_STRING_ENCODING)) + "." + encodedCipherText; byte[] cik = KeyDerivationFunction.generateCik(contentMasterKey, getBlockEncryptionAlgorithm()); SecretKey secretKey = new SecretKeySpec(cik, getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm()); Mac mac = Mac.getInstance(getBlockEncryptionAlgorithm().getIntegrityValueAlgorithm()); mac.init(secretKey); byte[] integrityValue = mac.doFinal(securedInputValue.getBytes(Util.UTF8_STRING_ENCODING)); String encodedIntegrityValue = Base64Util.base64urlencode(integrityValue); return new Pair<String, String>(encodedCipherText, encodedIntegrityValue); } else { throw new InvalidJweException("The block encryption algorithm is not supported"); } } catch (InvalidCipherTextException e) { throw new InvalidJweException(e); } catch (NoSuchAlgorithmException e) { throw new InvalidJweException(e); } catch (UnsupportedEncodingException e) { throw new InvalidJweException(e); } catch (NoSuchProviderException e) { throw new InvalidJweException(e); } catch (IllegalBlockSizeException e) { throw new InvalidJweException(e); } catch (InvalidKeyException e) { throw new InvalidJweException(e); } catch (BadPaddingException e) { throw new InvalidJweException(e); } catch (InvalidAlgorithmParameterException e) { throw new InvalidJweException(e); } catch (NoSuchPaddingException e) { throw new InvalidJweException(e); } catch (InvalidParameterException e) { throw new InvalidJweException(e); } }