java_src/src/main/java/com/google/crypto/tink/integration/android/AndroidKeystoreAesGcm.java - third_party/tink - Git at Google

 // Copyright 2017 Google Inc.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////

 package com.google.crypto.tink.integration.android;

 import com.google.crypto.tink.Aead;
 import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.KeyStore;
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.GCMParameterSpec;

 /**
  * An {@link Aead} that does AES-GCM encryption with a key stored in <a
  * href="https://developer.android.com/training/articles/keystore.html">Android Keystore</a>.
  *
  * <p>This class requires Android M (API level 23) or newer.
  *
  * @since 1.0.0
  */
 public final class AndroidKeystoreAesGcm implements Aead {
   // All instances of this class use a 12 byte IV and a 16 byte tag.
   private static final int IV_SIZE_IN_BYTES = 12;
   private static final int TAG_SIZE_IN_BYTES = 16;

   private final SecretKey key;

   public AndroidKeystoreAesGcm(String keyId) throws GeneralSecurityException, IOException {
     KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
     keyStore.load(null /* param */);
     key = (SecretKey) keyStore.getKey(keyId, null /* password */);
     if (key == null) {
       throw new InvalidKeyException("Keystore cannot load the key with ID: " + keyId);
     }
   }

   /** This is for testing only */
   AndroidKeystoreAesGcm(String keyId, KeyStore keyStore) throws GeneralSecurityException {
     key = (SecretKey) keyStore.getKey(keyId, null /* password */);
     if (key == null) {
       throw new InvalidKeyException("Keystore cannot load the key with ID: " + keyId);
     }
   }

   @Override
   public byte[] encrypt(final byte[] plaintext, final byte[] aad)
       throws GeneralSecurityException {
     // Check that ciphertext is not longer than the max. size of a Java array.
     if (plaintext.length > Integer.MAX_VALUE - IV_SIZE_IN_BYTES - TAG_SIZE_IN_BYTES) {
       throw new GeneralSecurityException("plaintext too long");
     }
     byte[] ciphertext = new byte[IV_SIZE_IN_BYTES + plaintext.length + TAG_SIZE_IN_BYTES];
     Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
     cipher.init(Cipher.ENCRYPT_MODE, key);
     cipher.updateAAD(aad);
     int unusedWritten = cipher.doFinal(plaintext, 0, plaintext.length, ciphertext,
         IV_SIZE_IN_BYTES);
     // Copy the IV that is randomly generated by Android Keystore.
     System.arraycopy(cipher.getIV(), 0, ciphertext, 0, IV_SIZE_IN_BYTES);
     return ciphertext;
   }

   @Override
   public byte[] decrypt(final byte[] ciphertext, final byte[] aad)
       throws GeneralSecurityException {
     if (ciphertext.length < IV_SIZE_IN_BYTES + TAG_SIZE_IN_BYTES) {
       throw new GeneralSecurityException("ciphertext too short");
     }
     GCMParameterSpec params =
         new GCMParameterSpec(8 * TAG_SIZE_IN_BYTES, ciphertext, 0, IV_SIZE_IN_BYTES);
     Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
     cipher.init(Cipher.DECRYPT_MODE, key, params);
     cipher.updateAAD(aad);
     return cipher.doFinal(
         ciphertext, IV_SIZE_IN_BYTES, ciphertext.length - IV_SIZE_IN_BYTES);
   }
 }
	// Copyright 2017 Google Inc.
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.
	//
	////////////////////////////////////////////////////////////////////////////////

	package com.google.crypto.tink.integration.android;

	import com.google.crypto.tink.Aead;
	import java.io.IOException;
	import java.security.GeneralSecurityException;
	import java.security.InvalidKeyException;
	import java.security.KeyStore;
	import javax.crypto.Cipher;
	import javax.crypto.SecretKey;
	import javax.crypto.spec.GCMParameterSpec;

	/**
	* An {@link Aead} that does AES-GCM encryption with a key stored in <a
	* href="https://developer.android.com/training/articles/keystore.html">Android Keystore</a>.
	*
	* <p>This class requires Android M (API level 23) or newer.
	*
	* @since 1.0.0
	*/
	public final class AndroidKeystoreAesGcm implements Aead {
	// All instances of this class use a 12 byte IV and a 16 byte tag.
	private static final int IV_SIZE_IN_BYTES = 12;
	private static final int TAG_SIZE_IN_BYTES = 16;

	private final SecretKey key;

	public AndroidKeystoreAesGcm(String keyId) throws GeneralSecurityException, IOException {
	KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
	keyStore.load(null /* param */);
	key = (SecretKey) keyStore.getKey(keyId, null /* password */);
	if (key == null) {
	throw new InvalidKeyException("Keystore cannot load the key with ID: " + keyId);
	}
	}

	/** This is for testing only */
	AndroidKeystoreAesGcm(String keyId, KeyStore keyStore) throws GeneralSecurityException {
	key = (SecretKey) keyStore.getKey(keyId, null /* password */);
	if (key == null) {
	throw new InvalidKeyException("Keystore cannot load the key with ID: " + keyId);
	}
	}

	@Override
	public byte[] encrypt(final byte[] plaintext, final byte[] aad)
	throws GeneralSecurityException {
	// Check that ciphertext is not longer than the max. size of a Java array.
	if (plaintext.length > Integer.MAX_VALUE - IV_SIZE_IN_BYTES - TAG_SIZE_IN_BYTES) {
	throw new GeneralSecurityException("plaintext too long");
	}
	byte[] ciphertext = new byte[IV_SIZE_IN_BYTES + plaintext.length + TAG_SIZE_IN_BYTES];
	Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
	cipher.init(Cipher.ENCRYPT_MODE, key);
	cipher.updateAAD(aad);
	int unusedWritten = cipher.doFinal(plaintext, 0, plaintext.length, ciphertext,
	IV_SIZE_IN_BYTES);
	// Copy the IV that is randomly generated by Android Keystore.
	System.arraycopy(cipher.getIV(), 0, ciphertext, 0, IV_SIZE_IN_BYTES);
	return ciphertext;
	}

	@Override
	public byte[] decrypt(final byte[] ciphertext, final byte[] aad)
	throws GeneralSecurityException {
	if (ciphertext.length < IV_SIZE_IN_BYTES + TAG_SIZE_IN_BYTES) {
	throw new GeneralSecurityException("ciphertext too short");
	}
	GCMParameterSpec params =
	new GCMParameterSpec(8 * TAG_SIZE_IN_BYTES, ciphertext, 0, IV_SIZE_IN_BYTES);
	Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
	cipher.init(Cipher.DECRYPT_MODE, key, params);
	cipher.updateAAD(aad);
	return cipher.doFinal(
	ciphertext, IV_SIZE_IN_BYTES, ciphertext.length - IV_SIZE_IN_BYTES);
	}
	}