[BREAKGLASS] A BoringSSL-backed AES-GCM provider for Android with support for \

Go to file

Greyson Parrelli 97b41a612a Bump version to 0.0.4		2025-04-10 15:39:43 -04:00
gradle/wrapper	Update to NDK r28 to support 16kb pages.	2025-04-10 15:38:52 -04:00
library	Bump version to 0.0.4	2025-04-10 15:39:43 -04:00
.gitignore	Update to NDK r28 to support 16kb pages.	2025-04-10 15:38:52 -04:00
build.gradle	Update to NDK r28 to support 16kb pages.	2025-04-10 15:38:52 -04:00
gradle.properties	README and headers	2019-04-17 19:53:17 -07:00
gradlew	Big bang	2019-04-15 17:52:35 -07:00
gradlew.bat	Big bang	2019-04-15 17:52:35 -07:00
README.md	README and headers	2019-04-17 19:53:17 -07:00
settings.gradle	Big bang	2019-04-15 17:52:35 -07:00

README.md

AES-GCM-Provider

A simple BoringSSL-backed JCE provider for Android projects that wish to have access to "incremental" AES-GCM primitives.

Conscrypt is now the default JCE provider for AES-GCM on Android, but it does not provide "incremental" AES-GCM. All calls to Cipher.update() buffer the data in memory and don't return plaintext/ciphertext until Cipher.doFinal() is called, at which point all buffered data is processed simultaneously. This is "safe," since it prevents the caller from accidentally doing anything with unauthenticated plaintext, but it breaks the existing API, and can introduce crashes for software which was previously processing large blobs, since the default provider now unexpectedly buffers the entire blob in memory.

Using

// Insert provider before Conscrypt
Security.insertProviderAt(new AesGcmProvider(), 1); 

// Construct a cipher and use as normal
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
...

License

Licensed under the AGPLv3: https://www.gnu.org/licenses/agpl-3.0.html