Package io.grpc.alts.internal
Class AesGcmHkdfAeadCrypter
java.lang.Object
io.grpc.alts.internal.AesGcmHkdfAeadCrypter
- All Implemented Interfaces:
AeadCrypter
AeadCrypter
implementation based on AesGcmAeadCrypter
with nonce-based rekeying
using HKDF-expand and random nonce-mask that is XORed with the given nonce/counter. The AES-GCM
key is computed as HKDF-expand(kdfKey, nonce[2..7]), i.e., the first 2 bytes are ignored to
require rekeying only after 2^16 operations and the last 4 bytes (including the direction bit)
are ignored to allow for optimizations (use same AEAD context for both directions, store counter
as unsigned long and boolean for direction).-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate AeadCrypter
private static final int
private static final int
private static final int
private final byte[]
private final byte[]
private static final int
private static final int
private final byte[]
private final byte[]
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate static boolean
arrayEqualOn
(byte[] a, int aPos, byte[] b, int bPos, int length) void
decrypt
(ByteBuffer plaintext, ByteBuffer ciphertext, byte[] nonce) Decrypt ciphertext into plaintext buffer using the given nonce.void
decrypt
(ByteBuffer plaintext, ByteBuffer ciphertext, ByteBuffer aad, byte[] nonce) Decrypt ciphertext into plaintext buffer using the given nonce.void
encrypt
(ByteBuffer ciphertext, ByteBuffer plaintext, byte[] nonce) Encrypt plaintext into ciphertext buffer using the given nonce.void
encrypt
(ByteBuffer ciphertext, ByteBuffer plaintext, ByteBuffer aad, byte[] nonce) Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.(package private) static int
private static byte[]
hkdfExpandSha256
(byte[] key, byte[] info) private static void
maskNonce
(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce) private void
maybeRekey
(byte[] nonce)
-
Field Details
-
KDF_KEY_LENGTH
private static final int KDF_KEY_LENGTH- See Also:
-
KDF_COUNTER_OFFSET
private static final int KDF_COUNTER_OFFSET- See Also:
-
KDF_COUNTER_LENGTH
private static final int KDF_COUNTER_LENGTH- See Also:
-
NONCE_LENGTH
private static final int NONCE_LENGTH- See Also:
-
KEY_LENGTH
private static final int KEY_LENGTH- See Also:
-
kdfKey
private final byte[] kdfKey -
kdfCounter
private final byte[] kdfCounter -
nonceMask
private final byte[] nonceMask -
nonceBuffer
private final byte[] nonceBuffer -
aeadCrypter
-
-
Constructor Details
-
AesGcmHkdfAeadCrypter
AesGcmHkdfAeadCrypter(byte[] key)
-
-
Method Details
-
encrypt
public void encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, byte[] nonce) throws GeneralSecurityException Description copied from interface:AeadCrypter
Encrypt plaintext into ciphertext buffer using the given nonce.- Specified by:
encrypt
in interfaceAeadCrypter
- Parameters:
ciphertext
- the encrypted plaintext and the tag will be written into this buffer.plaintext
- the input that should be encrypted.nonce
- the unique nonce used for the encryption.- Throws:
GeneralSecurityException
- if ciphertext buffer is short or the nonce does not have the expected size.
-
encrypt
public void encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, ByteBuffer aad, byte[] nonce) throws GeneralSecurityException Description copied from interface:AeadCrypter
Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.- Specified by:
encrypt
in interfaceAeadCrypter
- Parameters:
ciphertext
- the encrypted plaintext and the tag will be written into this buffer.plaintext
- the input that should be encrypted.aad
- additional data that should be authenticated, but not encrypted.nonce
- the unique nonce used for the encryption.- Throws:
GeneralSecurityException
- if ciphertext buffer is short or the nonce does not have the expected size.
-
decrypt
public void decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, byte[] nonce) throws GeneralSecurityException Description copied from interface:AeadCrypter
Decrypt ciphertext into plaintext buffer using the given nonce.- Specified by:
decrypt
in interfaceAeadCrypter
- Parameters:
plaintext
- the decrypted plaintext will be written into this buffer.ciphertext
- the ciphertext and tag that should be decrypted.nonce
- the nonce that was used for the encryption.- Throws:
GeneralSecurityException
- if the tag is invalid or any of the inputs do not have the expected size.
-
decrypt
public void decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, ByteBuffer aad, byte[] nonce) throws GeneralSecurityException Description copied from interface:AeadCrypter
Decrypt ciphertext into plaintext buffer using the given nonce.- Specified by:
decrypt
in interfaceAeadCrypter
- Parameters:
plaintext
- the decrypted plaintext will be written into this buffer.ciphertext
- the ciphertext and tag that should be decrypted.aad
- additional data that is checked for authenticity.nonce
- the nonce that was used for the encryption.- Throws:
GeneralSecurityException
- if the tag is invalid or any of the inputs do not have the expected size.
-
maybeRekey
- Throws:
GeneralSecurityException
-
maskNonce
private static void maskNonce(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce) -
hkdfExpandSha256
- Throws:
GeneralSecurityException
-
arrayEqualOn
private static boolean arrayEqualOn(byte[] a, int aPos, byte[] b, int bPos, int length) -
getKeyLength
static int getKeyLength()
-