You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Xianda Ke (JIRA)" <ji...@apache.org> on 2016/05/25 03:41:13 UTC

[jira] [Commented] (CRYPTO-60) opensslCipher support GCM mode

    [ https://issues.apache.org/jira/browse/CRYPTO-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15299404#comment-15299404 ] 

Xianda Ke commented on CRYPTO-60:
---------------------------------

Here is a sample. The behavior is similar to JCE.

{code:title=GCMSample.java|borderStyle=solid}
    CipherTransformation transformation = CipherTransformation.AES_GCM_NOPADDING;
    Properties props = new Properties();
    props.setProperty(ConfigurationKeys.COMMONS_CRYPTO_CIPHER_CLASSES_KEY, cipherClass);
    Random r = new Random();
    int textLength = r.nextInt(1024*1024);
    int ivLength = r.nextInt(60);
    int keyLength = 16;
    int tagLength = 128;  // bits
    int aadLength = r.nextInt(128);

    byte[] keyBytes = new byte[keyLength];
    byte[] plainBytes = new byte[textLength];
    byte[] ivBytes = new byte[ivLength];
    byte[] aadBytes = new byte[aadLength];

    r.nextBytes(keyBytes);
    r.nextBytes(plainBytes);
    r.nextBytes(ivBytes);
    r.nextBytes(aadBytes);

    byte[] encOutput = new byte[plainBytes.length + (tagLength >> 3)];
    byte[] decOutput = new byte[plainBytes.length];

    try {
        CryptoCipher c = Utils.getCipherInstance(transformation, props);
        Key key = new SecretKeySpec(keyBytes, "AES");

        GCMParameterSpec iv = new GCMParameterSpec(tagLength, ivBytes);
        c.init(CryptoCipher.ENCRYPT_MODE, key, iv);
        c.updateAAD(aadBytes);
        c.doFinal(plainBytes, 0, plainBytes.length, encOutput, 0);
        c.close();
    }
    catch (Exception ex) {
        System.out.println(ex.getMessage());
    }

    // Tamper the encrypted data.
    encOutput[0] = (byte)(encOutput[0] + 1);

    try {
        CryptoCipher c = Utils.getCipherInstance(transformation, props);
        Key key = new SecretKeySpec(keyBytes, "AES");

        GCMParameterSpec iv = new GCMParameterSpec(tagLength, ivBytes);
        c.init(CryptoCipher.DECRYPT_MODE, key, iv);
        c.updateAAD(aadBytes);
        c.doFinal(encOutput, 0, encOutput.length, decOutput, 0);
        c.close();
    }
    catch (AEADBadTagException ex) {
        System.out.println(ex.getMessage());  // "Tag mismatch!"
    }

{code}


> opensslCipher support GCM mode 
> -------------------------------
>
>                 Key: CRYPTO-60
>                 URL: https://issues.apache.org/jira/browse/CRYPTO-60
>             Project: Commons Crypto
>          Issue Type: Sub-task
>            Reporter: Xianda Ke
>            Assignee: Xianda Ke
>
> The interface would look like JCE. In encryption mode,  the authenticated tag information is appended at the end of output. 
> In decryption mode, the authenticated tag should appended at the end of input. If the encrypted data is tampered, it will throw an AEADBadTagException.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)