Package com.google.crypto.tink.aead.internal

Class AesGcmSiv

java.lang.Object

com.google.crypto.tink.aead.internal.AesGcmSiv

All Implemented Interfaces:

Aead

public final class AesGcmSiv
extends java.lang.Object
implements Aead

This primitive implements AES-GCM-SIV (as defined in RFC 8452) using JCE.

This encryption mode is intended for authenticated encryption with associated data. A major security problem with AES-GCM is that reusing the same nonce twice leaks the authentication key. AES-GCM-SIV on the other hand has been designed to avoid this vulnerability.

This encryption requires a JCE provider that supports the AES/GCM-SIV/NoPadding transformation such as Conscrypt. using JCE.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static interface	AesGcmSiv.ThrowingSupplier<T>	A supplier that can throw a GeneralSecurityException.

Method Summary

Modifier and Type	Method	Description
static Aead	create(AesGcmSivKey key, AesGcmSiv.ThrowingSupplier<javax.crypto.Cipher> cipherSupplier)	Creates an Aead for AES GCM SIV.
byte[]	decrypt(byte[] ciphertext, byte[] associatedData)	On Android KitKat (API level 19) this method does not support non null or non empty associatedData.
byte[]	encrypt(byte[] plaintext, byte[] associatedData)	On Android KitKat (API level 19) this method does not support non null or non empty associatedData.
static boolean	isAesGcmSivCipher(javax.crypto.Cipher cipher)	Returns true if the cipher is an AES-GCM-SIV cipher.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

isAesGcmSivCipher

public static boolean isAesGcmSivCipher(javax.crypto.Cipher cipher)

Returns true if the cipher is an AES-GCM-SIV cipher.

On Android API version 29 and older, Cipher.getInstance("AES/GCM-SIV/NoPadding") returns an AES-GCM cipher instead of an AES GCM SIV cipher. This function tests if we have a correct cipher.

create

public static Aead create(AesGcmSivKey key,
                          AesGcmSiv.ThrowingSupplier<javax.crypto.Cipher> cipherSupplier)
                   throws java.security.GeneralSecurityException

Creates an Aead for AES GCM SIV.

This function assumes that cipherSupplier provides correct implementations of AES GCM SIV. CipherSupplier may use isAesGcmSivCipher to ensure this.

Throws:

java.security.GeneralSecurityException

encrypt

public byte[] encrypt(byte[] plaintext,
                      byte[] associatedData)
               throws java.security.GeneralSecurityException

On Android KitKat (API level 19) this method does not support non null or non empty associatedData. It might not work at all in older versions.

Specified by:

encrypt in interface Aead

Parameters:

plaintext - the plaintext to be encrypted. It must be non-null, but can also be an empty (zero-length) byte array

associatedData - associated data to be authenticated, but not encrypted. Associated data is optional, so this parameter can be null. In this case the null value is equivalent to an empty (zero-length) byte array. For successful decryption the same associatedData must be provided along with the ciphertext.

Returns:

resulting ciphertext

Throws:

java.security.GeneralSecurityException

decrypt

public byte[] decrypt(byte[] ciphertext,
                      byte[] associatedData)
               throws java.security.GeneralSecurityException

On Android KitKat (API level 19) this method does not support non null or non empty associatedData. It might not work at all in older versions.

Specified by:

decrypt in interface Aead

Parameters:

ciphertext - the plaintext to be decrypted. It must be non-null.

associatedData - associated data to be authenticated. For successful decryption it must be the same as associatedData used during encryption. Can be null, which is equivalent to an empty (zero-length) byte array.

Returns:

resulting plaintext

Throws:

java.security.GeneralSecurityException - if decryption fails. Decryption must fail if ciphertext is not correctly authenticated for the given associatedData.