Add iv to mac generation

refs #6
patrickfav · Oct 29, 2018 · eee418a · eee418a
1 parent a1175a5
commit eee418a
Showing 1 changed file with 13 additions and 17 deletions.
diff --git a/armadillo/src/main/java/at/favre/lib/armadillo/AesCbcEncryption.java b/armadillo/src/main/java/at/favre/lib/armadillo/AesCbcEncryption.java
@@ -33,10 +33,10 @@
  * j = mac bytes
  * z = content bytes (encrypted content, auth tag)
  *
- * @deprecated this is only meant for Kitkat backwards compatibly as this version and below does not
- * support AES-GCM.
  * @author Patrick Favre-Bulle
  * @since 27.10.2018
+ * @deprecated this is only meant for Kitkat backwards compatibly as this version and below does not
+ * support AES-GCM with JCA.
  */
 @SuppressWarnings({"WeakerAccess", "DeprecatedIsStillUsed"})
 @Deprecated
@@ -80,7 +80,7 @@ public byte[] encrypt(byte[] rawEncryptionKey, byte[] rawData, @Nullable byte[]
 
             encrypted = cipherEnc.doFinal(rawData);
 
-            mac = macCipherText(rawEncryptionKey, encrypted, associatedData);
+            mac = macCipherText(rawEncryptionKey, encrypted, iv, associatedData);
 
             ByteBuffer byteBuffer = ByteBuffer.allocate(1 + iv.length + 1 + mac.length + encrypted.length);
             byteBuffer.put((byte) iv.length);
@@ -104,25 +104,21 @@ private SecretKeySpec createEncryptionKey(byte[] rawEncryptionKey) {
         return new SecretKeySpec(HKDF.fromHmacSha256().expand(rawEncryptionKey, Bytes.from("encKey").array(), rawEncryptionKey.length), "AES");
     }
 
-    private byte[] macCipherText(byte[] rawEncryptionKey, byte[] cipherText, @Nullable byte[] associatedData)
+    private byte[] macCipherText(byte[] rawEncryptionKey, byte[] cipherText, byte[] iv, @Nullable byte[] associatedData)
             throws NoSuchAlgorithmException, InvalidKeyException {
         SecretKey macKey = createMacKey(rawEncryptionKey);
 
         Mac hmac = Mac.getInstance(HMAC_ALGORITHM);
         hmac.init(macKey);
 
-        Bytes cipherBytes = Bytes.wrap(cipherText);
-        try {
-            if (associatedData != null) {
-                cipherBytes = cipherBytes.append(Bytes.wrap(associatedData));
-            }
+        hmac.update(iv);
+        hmac.update(cipherText);
 
-            return hmac.doFinal(cipherBytes.array());
-        } finally {
-            if (associatedData != null) {
-                cipherBytes.mutable().secureWipe();
-            }
+        if (associatedData != null) {
+            hmac.update(associatedData);
         }
+
+        return hmac.doFinal();
     }
 
     @NonNull
@@ -150,7 +146,7 @@ public byte[] decrypt(byte[] rawEncryptionKey, byte[] encryptedData, @Nullable b
             encrypted = new byte[byteBuffer.remaining()];
             byteBuffer.get(encrypted);
 
-            verifyMac(rawEncryptionKey, encrypted, mac, associatedData);
+            verifyMac(rawEncryptionKey, encrypted, iv, mac, associatedData);
 
             final Cipher cipherDec = getCipher();
             cipherDec.init(Cipher.DECRYPT_MODE, createEncryptionKey(rawEncryptionKey), new IvParameterSpec(iv));
@@ -164,9 +160,9 @@ public byte[] decrypt(byte[] rawEncryptionKey, byte[] encryptedData, @Nullable b
         }
     }
 
-    private void verifyMac(byte[] rawEncryptionKey, byte[] cipherText, byte[] mac, @Nullable byte[] associatedData)
+    private void verifyMac(byte[] rawEncryptionKey, byte[] cipherText, byte[] iv, byte[] mac, @Nullable byte[] associatedData)
             throws InvalidKeyException, NoSuchAlgorithmException {
-        byte[] actualMac = macCipherText(rawEncryptionKey, cipherText, associatedData);
+        byte[] actualMac = macCipherText(rawEncryptionKey, cipherText, iv, associatedData);
 
         if (!Bytes.wrap(mac).equalsConstantTime(actualMac)) {
             throw new SecurityException("encryption integrity exception: mac does not match");