-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathAuthenticatedEncryption.java
112 lines (96 loc) · 4.38 KB
/
AuthenticatedEncryption.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
package com.nordea.oss.authenticatedencryption;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import java.util.Base64;
/**
* Authenticated Encryption (AE), Authenticated Encryption with Associated Data (AEAD)
*
* Copyright (c) 2017. Niels Bo <[email protected]>
* Copyright (c) 2017. Nordea Bank AB
* Licensed under the MIT license (LICENSE.txt)
*/
class AuthenticatedEncryption {
private static final String cipher_type = "AES/CBC/PKCS5Padding";//same as PKCS7 padding mode
private static int IV_SIZE = 16;//128 bit
private final byte[] encryption_key;
private final byte[] auth_key;
public AuthenticatedEncryption(byte[] encryption_key, byte[] auth_key) {
this.encryption_key = encryption_key;
this.auth_key = auth_key;
}
public AuthenticatedEncryption(String encryption_key, String auth_key) throws Exception {
this(Base64.getDecoder().decode(encryption_key), Base64.getDecoder().decode((auth_key)));
}
public String encrypt(String input) throws Exception {
return encrypt(input.getBytes("UTF-8"));
}
public String encrypt(byte[] input) throws Exception {
byte[] iv = generateIV();
byte[] ciphertext = encrypt(encryption_key, iv, input);
byte[] ivcipher = concat(iv, ciphertext);
byte[] hmac = generateHMAC(auth_key, ivcipher);
return Base64.getEncoder().encodeToString(concat(ivcipher, hmac));
}
public String decrypt(String base64_payload) throws Exception {
return this.decrypt(Base64.getDecoder().decode(base64_payload));
}
public String decrypt(byte[] encrypted_payload) throws Exception {
byte[] iv = Arrays.copyOf(encrypted_payload, IV_SIZE);
int macLength = hmacLength(auth_key);
byte[] hmac1 = Arrays.copyOfRange(encrypted_payload, encrypted_payload.length - macLength, encrypted_payload.length);
byte[] ciphertext = Arrays.copyOfRange(encrypted_payload, IV_SIZE, encrypted_payload.length - macLength);
byte[] data = concat(iv, ciphertext);
byte[] hmac2 = generateHMAC(auth_key, data);
if (Arrays.equals(hmac1, hmac2)) {
byte[] decrypt = decrypt(encryption_key, iv, ciphertext);
return new String(decrypt, "UTF-8");
} else {
throw new RuntimeException("Incorrect HMAC");
}
}
private byte[] generateIV() throws Exception {
byte[] iv = new byte[IV_SIZE];
SecureRandom randomSecureRandom = SecureRandom.getInstance("SHA1PRNG");
randomSecureRandom.nextBytes(iv);
return iv;
}
private byte[] encrypt(byte[] skey, byte[] iv, byte[] data) throws Exception {
SecretKeySpec key = new SecretKeySpec(skey, "AES");
Cipher cipher = Cipher.getInstance(cipher_type);
AlgorithmParameterSpec param = new IvParameterSpec(iv);
cipher.init(Cipher.ENCRYPT_MODE, key, param);
return cipher.doFinal(data);
}
private byte[] decrypt(byte[] skey, byte[] iv, byte[] data) throws Exception {
SecretKeySpec key = new SecretKeySpec(skey, "AES");
AlgorithmParameterSpec param = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance(cipher_type);
cipher.init(Cipher.DECRYPT_MODE, key, param);
return cipher.doFinal(data);
}
/*
* Generate Hashed Message Authentication Code (HMAC)
*/
private byte[] generateHMAC(byte[] skey, byte[] data) throws Exception {
SecretKeySpec key = new SecretKeySpec(skey, "HmacSHA256");
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
sha256_HMAC.init(key);
return sha256_HMAC.doFinal(data);
}
private int hmacLength(byte[] skey) throws Exception {
SecretKeySpec key = new SecretKeySpec(skey, "HmacSHA256");
Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
sha256_HMAC.init(key);
return sha256_HMAC.getMacLength();
}
private byte[] concat(byte[] first, byte[] second) {
byte[] result = Arrays.copyOf(first, first.length + second.length);
System.arraycopy(second, 0, result, first.length, second.length);
return result;
}
}