Class AesGcmHkdfAeadCrypter

java.lang.Object
io.grpc.alts.internal.AesGcmHkdfAeadCrypter
All Implemented Interfaces:
AeadCrypter

final class AesGcmHkdfAeadCrypter extends Object implements AeadCrypter
AeadCrypter implementation based on AesGcmAeadCrypter with nonce-based rekeying using HKDF-expand and random nonce-mask that is XORed with the given nonce/counter. The AES-GCM key is computed as HKDF-expand(kdfKey, nonce[2..7]), i.e., the first 2 bytes are ignored to require rekeying only after 2^16 operations and the last 4 bytes (including the direction bit) are ignored to allow for optimizations (use same AEAD context for both directions, store counter as unsigned long and boolean for direction).
  • Field Details

    • KDF_KEY_LENGTH

      private static final int KDF_KEY_LENGTH
      See Also:
    • KDF_COUNTER_OFFSET

      private static final int KDF_COUNTER_OFFSET
      See Also:
    • KDF_COUNTER_LENGTH

      private static final int KDF_COUNTER_LENGTH
      See Also:
    • NONCE_LENGTH

      private static final int NONCE_LENGTH
      See Also:
    • KEY_LENGTH

      private static final int KEY_LENGTH
      See Also:
    • kdfKey

      private final byte[] kdfKey
    • kdfCounter

      private final byte[] kdfCounter
    • nonceMask

      private final byte[] nonceMask
    • nonceBuffer

      private final byte[] nonceBuffer
    • aeadCrypter

      private AeadCrypter aeadCrypter
  • Constructor Details

    • AesGcmHkdfAeadCrypter

      AesGcmHkdfAeadCrypter(byte[] key)
  • Method Details

    • encrypt

      public void encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, byte[] nonce) throws GeneralSecurityException
      Description copied from interface: AeadCrypter
      Encrypt plaintext into ciphertext buffer using the given nonce.
      Specified by:
      encrypt in interface AeadCrypter
      Parameters:
      ciphertext - the encrypted plaintext and the tag will be written into this buffer.
      plaintext - the input that should be encrypted.
      nonce - the unique nonce used for the encryption.
      Throws:
      GeneralSecurityException - if ciphertext buffer is short or the nonce does not have the expected size.
    • encrypt

      public void encrypt(ByteBuffer ciphertext, ByteBuffer plaintext, ByteBuffer aad, byte[] nonce) throws GeneralSecurityException
      Description copied from interface: AeadCrypter
      Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.
      Specified by:
      encrypt in interface AeadCrypter
      Parameters:
      ciphertext - the encrypted plaintext and the tag will be written into this buffer.
      plaintext - the input that should be encrypted.
      aad - additional data that should be authenticated, but not encrypted.
      nonce - the unique nonce used for the encryption.
      Throws:
      GeneralSecurityException - if ciphertext buffer is short or the nonce does not have the expected size.
    • decrypt

      public void decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, byte[] nonce) throws GeneralSecurityException
      Description copied from interface: AeadCrypter
      Decrypt ciphertext into plaintext buffer using the given nonce.
      Specified by:
      decrypt in interface AeadCrypter
      Parameters:
      plaintext - the decrypted plaintext will be written into this buffer.
      ciphertext - the ciphertext and tag that should be decrypted.
      nonce - the nonce that was used for the encryption.
      Throws:
      GeneralSecurityException - if the tag is invalid or any of the inputs do not have the expected size.
    • decrypt

      public void decrypt(ByteBuffer plaintext, ByteBuffer ciphertext, ByteBuffer aad, byte[] nonce) throws GeneralSecurityException
      Description copied from interface: AeadCrypter
      Decrypt ciphertext into plaintext buffer using the given nonce.
      Specified by:
      decrypt in interface AeadCrypter
      Parameters:
      plaintext - the decrypted plaintext will be written into this buffer.
      ciphertext - the ciphertext and tag that should be decrypted.
      aad - additional data that is checked for authenticity.
      nonce - the nonce that was used for the encryption.
      Throws:
      GeneralSecurityException - if the tag is invalid or any of the inputs do not have the expected size.
    • maybeRekey

      private void maybeRekey(byte[] nonce) throws GeneralSecurityException
      Throws:
      GeneralSecurityException
    • maskNonce

      private static void maskNonce(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce)
    • hkdfExpandSha256

      private static byte[] hkdfExpandSha256(byte[] key, byte[] info) throws GeneralSecurityException
      Throws:
      GeneralSecurityException
    • arrayEqualOn

      private static boolean arrayEqualOn(byte[] a, int aPos, byte[] b, int bPos, int length)
    • getKeyLength

      static int getKeyLength()