Package io.grpc.alts.internal
Class AesGcmHkdfAeadCrypter
- java.lang.Object
-
- io.grpc.alts.internal.AesGcmHkdfAeadCrypter
-
- All Implemented Interfaces:
AeadCrypter
final class AesGcmHkdfAeadCrypter extends java.lang.Object implements AeadCrypter
AeadCrypter
implementation based onAesGcmAeadCrypter
with nonce-based rekeying using HKDF-expand and random nonce-mask that is XORed with the given nonce/counter. The AES-GCM key is computed as HKDF-expand(kdfKey, nonce[2..7]), i.e., the first 2 bytes are ignored to require rekeying only after 2^16 operations and the last 4 bytes (including the direction bit) are ignored to allow for optimizations (use same AEAD context for both directions, store counter as unsigned long and boolean for direction).
-
-
Field Summary
Fields Modifier and Type Field Description private AeadCrypter
aeadCrypter
private static int
KDF_COUNTER_LENGTH
private static int
KDF_COUNTER_OFFSET
private static int
KDF_KEY_LENGTH
private byte[]
kdfCounter
private byte[]
kdfKey
private static int
KEY_LENGTH
private static int
NONCE_LENGTH
private byte[]
nonceBuffer
private byte[]
nonceMask
-
Constructor Summary
Constructors Constructor Description AesGcmHkdfAeadCrypter(byte[] key)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private static boolean
arrayEqualOn(byte[] a, int aPos, byte[] b, int bPos, int length)
void
decrypt(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, byte[] nonce)
Decrypt ciphertext into plaintext buffer using the given nonce.void
decrypt(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer aad, byte[] nonce)
Decrypt ciphertext into plaintext buffer using the given nonce.void
encrypt(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, byte[] nonce)
Encrypt plaintext into ciphertext buffer using the given nonce.void
encrypt(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, java.nio.ByteBuffer aad, byte[] nonce)
Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.(package private) static int
getKeyLength()
private static byte[]
hkdfExpandSha256(byte[] key, byte[] info)
private static void
maskNonce(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce)
private void
maybeRekey(byte[] nonce)
-
-
-
Field Detail
-
KDF_KEY_LENGTH
private static final int KDF_KEY_LENGTH
- See Also:
- Constant Field Values
-
KDF_COUNTER_OFFSET
private static final int KDF_COUNTER_OFFSET
- See Also:
- Constant Field Values
-
KDF_COUNTER_LENGTH
private static final int KDF_COUNTER_LENGTH
- See Also:
- Constant Field Values
-
NONCE_LENGTH
private static final int NONCE_LENGTH
- See Also:
- Constant Field Values
-
KEY_LENGTH
private static final int KEY_LENGTH
- See Also:
- Constant Field Values
-
kdfKey
private final byte[] kdfKey
-
kdfCounter
private final byte[] kdfCounter
-
nonceMask
private final byte[] nonceMask
-
nonceBuffer
private final byte[] nonceBuffer
-
aeadCrypter
private AeadCrypter aeadCrypter
-
-
Method Detail
-
encrypt
public void encrypt(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, byte[] nonce) throws java.security.GeneralSecurityException
Description copied from interface:AeadCrypter
Encrypt plaintext into ciphertext buffer using the given nonce.- Specified by:
encrypt
in interfaceAeadCrypter
- Parameters:
ciphertext
- the encrypted plaintext and the tag will be written into this buffer.plaintext
- the input that should be encrypted.nonce
- the unique nonce used for the encryption.- Throws:
java.security.GeneralSecurityException
- if ciphertext buffer is short or the nonce does not have the expected size.
-
encrypt
public void encrypt(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, java.nio.ByteBuffer aad, byte[] nonce) throws java.security.GeneralSecurityException
Description copied from interface:AeadCrypter
Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.- Specified by:
encrypt
in interfaceAeadCrypter
- Parameters:
ciphertext
- the encrypted plaintext and the tag will be written into this buffer.plaintext
- the input that should be encrypted.aad
- additional data that should be authenticated, but not encrypted.nonce
- the unique nonce used for the encryption.- Throws:
java.security.GeneralSecurityException
- if ciphertext buffer is short or the nonce does not have the expected size.
-
decrypt
public void decrypt(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, byte[] nonce) throws java.security.GeneralSecurityException
Description copied from interface:AeadCrypter
Decrypt ciphertext into plaintext buffer using the given nonce.- Specified by:
decrypt
in interfaceAeadCrypter
- Parameters:
plaintext
- the decrypted plaintext will be written into this buffer.ciphertext
- the ciphertext and tag that should be decrypted.nonce
- the nonce that was used for the encryption.- Throws:
java.security.GeneralSecurityException
- if the tag is invalid or any of the inputs do not have the expected size.
-
decrypt
public void decrypt(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer aad, byte[] nonce) throws java.security.GeneralSecurityException
Description copied from interface:AeadCrypter
Decrypt ciphertext into plaintext buffer using the given nonce.- Specified by:
decrypt
in interfaceAeadCrypter
- Parameters:
plaintext
- the decrypted plaintext will be written into this buffer.ciphertext
- the ciphertext and tag that should be decrypted.aad
- additional data that is checked for authenticity.nonce
- the nonce that was used for the encryption.- Throws:
java.security.GeneralSecurityException
- if the tag is invalid or any of the inputs do not have the expected size.
-
maybeRekey
private void maybeRekey(byte[] nonce) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
maskNonce
private static void maskNonce(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce)
-
hkdfExpandSha256
private static byte[] hkdfExpandSha256(byte[] key, byte[] info) throws java.security.GeneralSecurityException
- Throws:
java.security.GeneralSecurityException
-
arrayEqualOn
private static boolean arrayEqualOn(byte[] a, int aPos, byte[] b, int bPos, int length)
-
getKeyLength
static int getKeyLength()
-
-