Package io.grpc.alts.internal

Class AesGcmHkdfAeadCrypter

  • All Implemented Interfaces:
    AeadCrypter
    final class AesGcmHkdfAeadCrypter
extends java.lang.Object
implements AeadCrypter
    AeadCrypter implementation based on AesGcmAeadCrypter with nonce-based rekeying using HKDF-expand and random nonce-mask that is XORed with the given nonce/counter. The AES-GCM key is computed as HKDF-expand(kdfKey, nonce[2..7]), i.e., the first 2 bytes are ignored to require rekeying only after 2^16 operations and the last 4 bytes (including the direction bit) are ignored to allow for optimizations (use same AEAD context for both directions, store counter as unsigned long and boolean for direction).

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private static boolean arrayEqualOn​(byte[] a, int aPos, byte[] b, int bPos, int length)  
      void decrypt​(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, byte[] nonce)
      Decrypt ciphertext into plaintext buffer using the given nonce.
      void decrypt​(java.nio.ByteBuffer plaintext, java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer aad, byte[] nonce)
      Decrypt ciphertext into plaintext buffer using the given nonce.
      void encrypt​(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, byte[] nonce)
      Encrypt plaintext into ciphertext buffer using the given nonce.
      void encrypt​(java.nio.ByteBuffer ciphertext, java.nio.ByteBuffer plaintext, java.nio.ByteBuffer aad, byte[] nonce)
      Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.
      (package private) static int getKeyLength()  
      private static byte[] hkdfExpandSha256​(byte[] key, byte[] info)  
      private static void maskNonce​(byte[] nonceBuffer, byte[] nonceMask, byte[] nonce)  
      private void maybeRekey​(byte[] nonce)  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • kdfKey

        private final byte[] kdfKey

      • kdfCounter

        private final byte[] kdfCounter

      • nonceMask

        private final byte[] nonceMask

      • nonceBuffer

        private final byte[] nonceBuffer

    • Constructor Detail

      • AesGcmHkdfAeadCrypter

        AesGcmHkdfAeadCrypter​(byte[] key)

    • Method Detail

      • encrypt

        public void encrypt​(java.nio.ByteBuffer ciphertext,
                    java.nio.ByteBuffer plaintext,
                    byte[] nonce)
             throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Encrypt plaintext into ciphertext buffer using the given nonce.
        Specified by:
        encrypt in interface AeadCrypter
        Parameters:
        ciphertext - the encrypted plaintext and the tag will be written into this buffer.
        plaintext - the input that should be encrypted.
        nonce - the unique nonce used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if ciphertext buffer is short or the nonce does not have the expected size.

      • encrypt

        public void encrypt​(java.nio.ByteBuffer ciphertext,
                    java.nio.ByteBuffer plaintext,
                    java.nio.ByteBuffer aad,
                    byte[] nonce)
             throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Encrypt plaintext into ciphertext buffer using the given nonce with authenticated data.
        Specified by:
        encrypt in interface AeadCrypter
        Parameters:
        ciphertext - the encrypted plaintext and the tag will be written into this buffer.
        plaintext - the input that should be encrypted.
        aad - additional data that should be authenticated, but not encrypted.
        nonce - the unique nonce used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if ciphertext buffer is short or the nonce does not have the expected size.

      • decrypt

        public void decrypt​(java.nio.ByteBuffer plaintext,
                    java.nio.ByteBuffer ciphertext,
                    byte[] nonce)
             throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Decrypt ciphertext into plaintext buffer using the given nonce.
        Specified by:
        decrypt in interface AeadCrypter
        Parameters:
        plaintext - the decrypted plaintext will be written into this buffer.
        ciphertext - the ciphertext and tag that should be decrypted.
        nonce - the nonce that was used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if the tag is invalid or any of the inputs do not have the expected size.

      • decrypt

        public void decrypt​(java.nio.ByteBuffer plaintext,
                    java.nio.ByteBuffer ciphertext,
                    java.nio.ByteBuffer aad,
                    byte[] nonce)
             throws java.security.GeneralSecurityException
        Description copied from interface: AeadCrypter
        Decrypt ciphertext into plaintext buffer using the given nonce.
        Specified by:
        decrypt in interface AeadCrypter
        Parameters:
        plaintext - the decrypted plaintext will be written into this buffer.
        ciphertext - the ciphertext and tag that should be decrypted.
        aad - additional data that is checked for authenticity.
        nonce - the nonce that was used for the encryption.
        Throws:
        java.security.GeneralSecurityException - if the tag is invalid or any of the inputs do not have the expected size.

      • maybeRekey

        private void maybeRekey​(byte[] nonce)
                 throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException

      • maskNonce

        private static void maskNonce​(byte[] nonceBuffer,
                              byte[] nonceMask,
                              byte[] nonce)

      • hkdfExpandSha256

        private static byte[] hkdfExpandSha256​(byte[] key,
                                       byte[] info)
                                throws java.security.GeneralSecurityException
        Throws:
        java.security.GeneralSecurityException

      • arrayEqualOn

        private static boolean arrayEqualOn​(byte[] a,
                                    int aPos,
                                    byte[] b,
                                    int bPos,
                                    int length)

      • getKeyLength

        static int getKeyLength()