package com.google.crypto.tink.subtle;
import com.google.crypto.tink.Aead;
import java.security.GeneralSecurityException;
import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
public final class AesGcmJce implements Aead {
private static final ThreadLocal<Cipher> localCipher =
new ThreadLocal<Cipher>() {
@Override
protected Cipher initialValue() {
try {
return EngineFactory.CIPHER.getInstance("AES/GCM/NoPadding");
} catch (GeneralSecurityException ex) {
throw new IllegalStateException(ex);
}
}
};
private static final int IV_SIZE_IN_BYTES = 12;
private static final int TAG_SIZE_IN_BYTES = 16;
private final SecretKey keySpec;
public AesGcmJce(final byte[] key) throws GeneralSecurityException {
Validators.validateAesKeySize(key.length);
keySpec = new SecretKeySpec(key, "AES");
}
@Override
public byte[] encrypt(final byte[] plaintext, final byte[] associatedData)
throws GeneralSecurityException {
if (plaintext.length > Integer.MAX_VALUE - IV_SIZE_IN_BYTES - TAG_SIZE_IN_BYTES) {
throw new GeneralSecurityException("plaintext too long");
}
byte[] ciphertext = new byte[IV_SIZE_IN_BYTES + plaintext.length + TAG_SIZE_IN_BYTES];
byte[] iv = Random.randBytes(IV_SIZE_IN_BYTES);
System.arraycopy(iv, 0, ciphertext, 0, IV_SIZE_IN_BYTES);
AlgorithmParameterSpec params = getParams(iv);
localCipher.get().init(Cipher.ENCRYPT_MODE, keySpec, params);
if (associatedData != null && associatedData.length != 0) {
localCipher.get().updateAAD(associatedData);
}
int written =
localCipher.get().doFinal(plaintext, 0, plaintext.length, ciphertext, IV_SIZE_IN_BYTES);
if (written != plaintext.length + TAG_SIZE_IN_BYTES) {
int actualTagSize = written - plaintext.length;
throw new GeneralSecurityException(
String.format(
"encryption failed; GCM tag must be %s bytes, but got only %s bytes",
TAG_SIZE_IN_BYTES, actualTagSize));
}
return ciphertext;
}
@Override
public byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
throws GeneralSecurityException {
if (ciphertext.length < IV_SIZE_IN_BYTES + TAG_SIZE_IN_BYTES) {
throw new GeneralSecurityException("ciphertext too short");
}
AlgorithmParameterSpec params = getParams(ciphertext, 0, IV_SIZE_IN_BYTES);
localCipher.get().init(Cipher.DECRYPT_MODE, keySpec, params);
if (associatedData != null && associatedData.length != 0) {
localCipher.get().updateAAD(associatedData);
}
return localCipher
.get()
.doFinal(ciphertext, IV_SIZE_IN_BYTES, ciphertext.length - IV_SIZE_IN_BYTES);
}
private static AlgorithmParameterSpec getParams(final byte[] iv) throws GeneralSecurityException {
return getParams(iv, 0, iv.length);
}
private static AlgorithmParameterSpec getParams(final byte[] buf, int offset, int len)
throws GeneralSecurityException {
try {
Class.forName("javax.crypto.spec.GCMParameterSpec");
return new GCMParameterSpec(8 * TAG_SIZE_IN_BYTES, buf, offset, len);
} catch (ClassNotFoundException e) {
if (SubtleUtil.isAndroid()) {
return new IvParameterSpec(buf, offset, len);
}
}
throw new GeneralSecurityException(
"cannot use AES-GCM: javax.crypto.spec.GCMParameterSpec not found");
}
};