Class AesGcmHkdfAeadCrypter

  • All Implemented Interfaces:
    AeadCrypter

    final class AesGcmHkdfAeadCrypter
    extends java.lang.Object
    implements AeadCrypter
    AeadCrypter implementation based on AesGcmAeadCrypter with nonce-based rekeying using HKDF-expand and random nonce-mask that is XORed with the given nonce/counter. The AES-GCM key is computed as HKDF-expand(kdfKey, nonce[2..7]), i.e., the first 2 bytes are ignored to require rekeying only after 2^16 operations and the last 4 bytes (including the direction bit) are ignored to allow for optimizations (use same AEAD context for both directions, store counter as unsigned long and boolean for direction).
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private static boolean arrayEqualOn​(byte[] a, int aPos, byte[] b, int bPos, int length)  
      void decrypt​(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, byte[] nonce)
      Decrypt ciphertext into plaintext buffer using the given nonce.
      void decrypt​(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer aad, byte[] nonce)
      Decrypt ciphertext into plaintext buffer using the given nonce.
      void encrypt​(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, byte[] nonce)
      Encrypt plaintext into ciphertext buffer using the given nonce.
      void encrypt​(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, java.nio.ByteBuffer aad, byte[] nonce)
      Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.
      (package private) static int getKeyLength()  
      private static byte[] hkdfExpandSha256​(byte[] key, byte[] info)  
      private static void maskNonce​(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce)  
      private void maybeRekey​(byte[] nonce)  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • kdfKey

        private final byte[] kdfKey
      • kdfCounter

        private final byte[] kdfCounter
      • nonceMask

        private final byte[] nonceMask
      • nonceBuffer

        private final byte[] nonceBuffer
    • Constructor Detail

      • AesGcmHkdfAeadCrypter

        AesGcmHkdfAeadCrypter​(byte[] key)
    • Method Detail

      • encrypt

        public void encrypt​(java.nio.ByteBuffer ciphertext,
                            java.nio.ByteBuffer plaintext,
                            byte[] nonce)
                     throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Encrypt plaintext into ciphertext buffer using the given nonce.
        Specified by:
        encrypt in interface AeadCrypter
        Parameters:
        ciphertext - the encrypted plaintext and the tag will be written into this buffer.
        plaintext - the input that should be encrypted.
        nonce - the unique nonce used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if ciphertext buffer is short or the nonce does not have the expected size.
      • encrypt

        public void encrypt​(java.nio.ByteBuffer ciphertext,
                            java.nio.ByteBuffer plaintext,
                            java.nio.ByteBuffer aad,
                            byte[] nonce)
                     throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.
        Specified by:
        encrypt in interface AeadCrypter
        Parameters:
        ciphertext - the encrypted plaintext and the tag will be written into this buffer.
        plaintext - the input that should be encrypted.
        aad - additional data that should be authenticated, but not encrypted.
        nonce - the unique nonce used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if ciphertext buffer is short or the nonce does not have the expected size.
      • decrypt

        public void decrypt​(java.nio.ByteBuffer plaintext,
                            java.nio.ByteBuffer ciphertext,
                            byte[] nonce)
                     throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Decrypt ciphertext into plaintext buffer using the given nonce.
        Specified by:
        decrypt in interface AeadCrypter
        Parameters:
        plaintext - the decrypted plaintext will be written into this buffer.
        ciphertext - the ciphertext and tag that should be decrypted.
        nonce - the nonce that was used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if the tag is invalid or any of the inputs do not have the expected size.
      • decrypt

        public void decrypt​(java.nio.ByteBuffer plaintext,
                            java.nio.ByteBuffer ciphertext,
                            java.nio.ByteBuffer aad,
                            byte[] nonce)
                     throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Decrypt ciphertext into plaintext buffer using the given nonce.
        Specified by:
        decrypt in interface AeadCrypter
        Parameters:
        plaintext - the decrypted plaintext will be written into this buffer.
        ciphertext - the ciphertext and tag that should be decrypted.
        aad - additional data that is checked for authenticity.
        nonce - the nonce that was used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if the tag is invalid or any of the inputs do not have the expected size.
      • maybeRekey

        private void maybeRekey​(byte[] nonce)
                         throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • maskNonce

        private static void maskNonce​(byte[] nonceBuffer,
                                      byte[] nonceMask,
                                      byte[] nonce)
      • hkdfExpandSha256

        private static byte[] hkdfExpandSha256​(byte[] key,
                                               byte[] info)
                                        throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException
      • arrayEqualOn

        private static boolean arrayEqualOn​(byte[] a,
                                            int aPos,
                                            byte[] b,
                                            int bPos,
                                            int length)
      • getKeyLength

        static int getKeyLength()