Class EncryptThenAuthenticate

  • All Implemented Interfaces:
    Aead

    public final class EncryptThenAuthenticate
    extends java.lang.Object
    implements Aead
    This primitive performs an encrypt-then-Mac operation on plaintext and associated data (ad).

    The Mac is computed over (ad || ciphertext || size of ad), thus it doesn't violate the Horton Principle. This implementation is based on Authenticated Encryption with AES-CBC and HMAC-SHA.

    Since:
    1.0.0
    • Method Summary

      Modifier and Type Method Description
      static Aead create(AesCtrHmacAeadKey key)
      Create an AES CTR HMAC instance.
      byte[] decrypt(byte[] ciphertext, byte[] associatedData)
      Decrypts ciphertext with associatedData as associated data.
      byte[] encrypt(byte[] plaintext, byte[] associatedData)
      Encrypts plaintext with associatedData.
      static Aead newAesCtrHmac(byte[] aesCtrKey, int ivSize, java.lang.String hmacAlgorithm, byte[] hmacKey, int tagSize)
      Returns a new EncryptThenAuthenticate instance using AES-CTR and HMAC.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • EncryptThenAuthenticate

        public EncryptThenAuthenticate(IndCpaCipher cipher,
                                       Mac mac,
                                       int macLength)
    • Method Detail

      • create

        public static Aead create(AesCtrHmacAeadKey key)
                           throws java.security.GeneralSecurityException
        Create an AES CTR HMAC instance. This instance is *full*, meaning that, if the key is of the type TINK or CRUNCHY, the ciphertexts created by this instance will be prefixed with `outputPrefix` containing some important Tink metadata.
        Throws:
        java.security.GeneralSecurityException
      • newAesCtrHmac

        public static Aead newAesCtrHmac(byte[] aesCtrKey,
                                         int ivSize,
                                         java.lang.String hmacAlgorithm,
                                         byte[] hmacKey,
                                         int tagSize)
                                  throws java.security.GeneralSecurityException
        Returns a new EncryptThenAuthenticate instance using AES-CTR and HMAC. This is an older method that doesn't use the new Tink keys API, thus the returned instance is not a full primitive. This means that `outputPrefix` is always empty even for TINK/CRUNCHY type keys.
        Throws:
        java.security.GeneralSecurityException
      • encrypt

        public byte[] encrypt(byte[] plaintext,
                              byte[] associatedData)
                       throws java.security.GeneralSecurityException
        Encrypts plaintext with associatedData. The resulting ciphertext allows for checking authenticity and integrity of associated data (ad), but does not guarantee its secrecy.

        The plaintext is encrypted with an IndCpaCipher, then the MAC is computed over (ad || ciphertext || t), where t is ad's length in bits represented as a 64-bit big-endian unsigned integer. The final ciphertext format is (output prefix || ind-cpa ciphertext || mac).

        Specified by:
        encrypt in interface Aead
        Parameters:
        plaintext - the plaintext to be encrypted. It must be non-null, but can also be an empty (zero-length) byte array
        associatedData - associated data to be authenticated, but not encrypted. Associated data is optional, so this parameter can be null. In this case the null value is equivalent to an empty (zero-length) byte array. For successful decryption the same associatedData must be provided along with the ciphertext.
        Returns:
        resulting ciphertext.
        Throws:
        java.security.GeneralSecurityException
      • decrypt

        public byte[] decrypt(byte[] ciphertext,
                              byte[] associatedData)
                       throws java.security.GeneralSecurityException
        Decrypts ciphertext with associatedData as associated data. The decryption verifies the authenticity and integrity of associated data (ad), but there are no guarantees with respect to secrecy of that data.

        The ciphertext format is (output prefix || ciphertext || mac). If present, the correctness of the output prefix is verified. The MAC is verified against (ad || ciphertext || t), where t is ad's length in bits represented as a 64-bit big-endian unsigned integer.

        Specified by:
        decrypt in interface Aead
        Parameters:
        ciphertext - the ciphertext to be decrypted. It must be non-null.
        associatedData - associated data to be authenticated. For successful decryption it must be the same as associatedData used during encryption. Can be null, which is equivalent to an empty (zero-length) byte array.
        Returns:
        resulting plaintext.
        Throws:
        java.security.GeneralSecurityException - if decryption fails. Decryption must fail if ciphertext is not correctly authenticated for the given associatedData.