Examples of org.bouncycastle.crypto.modes.GCMBlockCipher

• org.bouncycastle.crypto.modes.GCMBlockCipher
  Implements the Galois/Counter mode (GCM) detailed in NIST Special Publication 800-38D.

            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
        }
        else if (modeName.startsWith("GCM"))
        {
            ivLength = baseEngine.getBlockSize();
            cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine));
        }
        else
        {
            throw new NoSuchAlgorithmException("can't support mode " + mode);
        }

            cipher = new AEADGenericBlockCipher(new EAXBlockCipher(baseEngine));
        }
        else if (modeName.startsWith("GCM"))
        {
            ivLength = baseEngine.getBlockSize();
            cipher = new AEADGenericBlockCipher(new GCMBlockCipher(baseEngine));
        }
        else
        {
            throw new NoSuchAlgorithmException("can't support mode " + mode);
        }

        AESEngine aesEngine = new AESEngine();

        switch (blockMode) {

        case GCM:
            return new GCMBlockCipher(aesEngine);
        default:
            throw new RuntimeException("Block cipher not found");
        }
    }

        AESEngine aesEngine = new AESEngine();

        switch (blockMode) {

        case GCM:
            return new GCMBlockCipher(aesEngine);
        default:
            throw new RuntimeException("Block cipher not found");
        }
    }

        AESEngine aesEngine = new AESEngine();

        switch (blockMode) {

        case GCM:
            return new GCMBlockCipher(aesEngine);
        default:
            throw new RuntimeException("Block cipher not found");
        }
    }

    // Initialise AES cipher
    BlockCipher cipher = AES.createCipher(secretKey, forEncryption);

    // Create GCM cipher with AES
    GCMBlockCipher gcm = new GCMBlockCipher(cipher);

    AEADParameters aeadParams = new AEADParameters(new KeyParameter(secretKey.getEncoded()),
                                             AUTH_TAG_BIT_LENGTH,
                                             iv,
                                             authData);
    gcm.init(forEncryption, aeadParams);

    return gcm;
  }

                                          final byte[] plainText,
                                          final byte[] authData)
    throws RuntimeException {

    // Initialise AES/GCM cipher for encryption
    GCMBlockCipher cipher = createAESGCMCipher(secretKey, true, iv, authData);


    // Prepare output buffer
    int outputLength = cipher.getOutputSize(plainText.length);
    byte[] output = new byte[outputLength];


    // Produce cipher text
    int outputOffset = cipher.processBytes(plainText, 0, plainText.length, output, 0);


    // Produce authentication tag
    try {
      outputOffset += cipher.doFinal(output, outputOffset);

    } catch (InvalidCipherTextException e) {

      throw new RuntimeException("Couldn't generate GCM authentication tag: " + e.getMessage(), e);
    }

                         final byte[] authData,
                         final byte[] authTag)
    throws RuntimeException {

    // Initialise AES/GCM cipher for decryption
    GCMBlockCipher cipher = createAESGCMCipher(secretKey, false, iv, authData);


    // Join cipher text and authentication tag to produce cipher input
    byte[] input = new byte[cipherText.length + authTag.length];

    System.arraycopy(cipherText, 0, input, 0, cipherText.length);
    System.arraycopy(authTag, 0, input, cipherText.length, authTag.length);

    int outputLength = cipher.getOutputSize(input.length);

    byte[] output = new byte[outputLength];


    // Decrypt
    int outputOffset = cipher.processBytes(input, 0, input.length, output, 0);

    // Validate authentication tag
    try {
      outputOffset += cipher.doFinal(output, outputOffset);

    } catch (InvalidCipherTextException e) {

      throw new RuntimeException("Couldn't validate GCM authentication tag: " + e.getMessage(), e);
    }

    // Attack / alter ciphertext (an attacker would do this!)
    byte[] alteredCiphertext = Arrays.clone(originalCiphertext);
    alteredCiphertext[8] = (byte) (alteredCiphertext[8] ^ 0x08); // <<< Change 100$ to 900$

    // Decrypt with BouncyCastle implementation of CipherInputStream
    AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
    cipher.init(false, new AEADParameters(new KeyParameter(randomKey), 128, randomIv));

    try {
      readFromStream(new org.bouncycastle.crypto.io.CipherInputStream(new ByteArrayInputStream(alteredCiphertext), cipher));
      //             ^^^^^^^^^^^^^^^ INTERESTING PART ^^^^^^^^^^^^^^^^
      //

    byte[] randomIv = createRandomArray(16);
    byte[] originalPlaintext = createRandomArray(4080); // <<<< 4080 bytes fails, 4079 bytes works!
    byte[] originalCiphertext = encryptWithAesGcm(originalPlaintext, randomKey, randomIv);

    // Decrypt with BouncyCastle implementation of CipherInputStream
    AEADBlockCipher cipher = new GCMBlockCipher(new AESEngine());
    cipher.init(false, new AEADParameters(new KeyParameter(randomKey), 128, randomIv));

    try {
      readFromStream(new org.bouncycastle.crypto.io.CipherInputStream(new ByteArrayInputStream(originalCiphertext), cipher));
      //             ^^^^^^^^^^^^^^^ INTERESTING PART ^^^^^^^^^^^^^^^^
      //