Ciphertext authenticity calculations may buffer data internally. Authenticated encryption with associated data (AEAD) modes such as Galois/Counter Mode (GCM) and Counter with CBC-MAC Mode (CCM) run additional authenticated data (AAD) authenticity calculations before they run ciphertext authenticity calculations. We recommend that you use the `updateAAD` method to supply the AAD first, then use the `update` and `doFinal` methods to process the ciphertext. The AAD is not encrypted, but it is covered by the authentication tag, so the same AAD must be supplied again on decryption.
/**
 * Encrypts {@code data} with AES in GCM mode without supplying any additional
 * authenticated data (AAD). This is the noncompliant example: the authentication
 * tag covers only the ciphertext, so no surrounding context is bound to it.
 *
 * @param key raw AES key bytes
 * @param tagLength authentication tag length in bits, passed to {@link GCMParameterSpec}
 * @param ivSource IV (nonce) bytes; the caller must never reuse an IV with the same key
 * @param salt accepted for signature parity with the compliant variant; not used here
 * @param data plaintext to encrypt
 * @return the output of {@code doFinal}: the ciphertext with the authentication tag appended
 * @throws GeneralSecurityException if the cipher cannot be created, initialized or finalized
 */
public byte[] createCipherNoncompliant(
        byte[] key, int tagLength, byte[] ivSource, byte[] salt, byte[] data)
        throws GeneralSecurityException {
    final SecretKey aesKey = new SecretKeySpec(key, "AES");
    final GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLength, ivSource);

    final Cipher encryptor = Cipher.getInstance("AES/GCM/NoPadding");
    encryptor.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec);

    // Noncompliant: updateAAD is never called, so no additional authenticated
    // data (AAD) is bound to the authentication tag.
    return encryptor.doFinal(data);
}
/**
 * Encrypts {@code data} with AES in GCM mode and binds {@code salt} to the
 * authentication tag as additional authenticated data (AAD).
 *
 * <p>The AAD is authenticated but not encrypted and is not part of the returned
 * bytes, so the decrypting side has to supply the same value through
 * {@code updateAAD} before processing the ciphertext.
 *
 * @param key raw AES key bytes
 * @param tagLength authentication tag length in bits, passed to {@link GCMParameterSpec}
 * @param ivSource IV (nonce) bytes; the caller must never reuse an IV with the same key
 * @param salt bytes supplied to the cipher as AAD
 * @param data plaintext to encrypt
 * @return the output of {@code doFinal}: the ciphertext with the authentication tag appended
 * @throws GeneralSecurityException if the cipher cannot be created, initialized or finalized
 */
public byte[] createCipherCompliant(
        byte[] key, int tagLength, byte[] ivSource, byte[] salt, byte[] data)
        throws GeneralSecurityException {
    final SecretKey aesKey = new SecretKeySpec(key, "AES");
    final GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLength, ivSource);

    final Cipher encryptor = Cipher.getInstance("AES/GCM/NoPadding");
    encryptor.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec);

    // Compliant: the AAD is supplied after init and before any plaintext is
    // processed, so it is included in the authentication tag.
    encryptor.updateAAD(salt);
    return encryptor.doFinal(data);
}