AEAD.java source code

java

Project: aes-gcm-siv Author:
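/**
 * Decrypts the given encrypted message.
 *
 * @param nonce the 12-byte random nonce used to encrypt the message
 * @param ciphertext the returned value from {@link #seal(byte[], byte[], byte[])}
 * @param data the authenticated data used to encrypt the message (may be empty)
 * @return the plaintext message, or an empty {@link Optional} if authentication fails
 */
@CheckReturnValue
public Optional<byte[]> open(byte[] nonce, byte[] ciphertext, byte[] data) {
  if (nonce.length != NONCE_SIZE) {
    throw new IllegalArgumentException("Nonce must be 12 bytes long");
  }
  // A sealed message always ends with a 16-byte tag. Anything shorter cannot
  // authenticate, and would otherwise cause a NegativeArraySizeException below.
  if (ciphertext.length < AES_BLOCK_SIZE) {
    return Optional.empty();
  }

  // Split the input into the encrypted body (c) and the trailing tag.
  final byte[] c = new byte[ciphertext.length - AES_BLOCK_SIZE];
  final byte[] tag = new byte[AES_BLOCK_SIZE];
  System.arraycopy(ciphertext, 0, c, 0, c.length);
  System.arraycopy(ciphertext, c.length, tag, 0, tag.length);

  // Derive the per-nonce authentication and encryption keys.
  final byte[] authKey = subKey(0, 1, nonce);
  final Cipher encAES = newAES(subKey(2, aes128 ? 3 : 5, nonce));
  // AES-GCM-SIV derives the CTR counter from the tag: decrypt c in place,
  // then recompute the tag over the recovered plaintext.
  aesCTR(encAES, tag, c, c);
  final byte[] actual = hash(encAES, authKey, nonce, c, data);

  // MessageDigest.isEqual compares in constant time. The plaintext is
  // released only if the recomputed tag matches the received one.
  if (MessageDigest.isEqual(tag, actual)) {
    return Optional.of(c);
  }
  return Optional.empty();
}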