jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
author valeriep
Fri, 11 Mar 2016 23:54:17 +0000
changeset 39750 982b75e31495
parent 35302 e4d2275861c3
child 39752 365d487907ac
permissions -rw-r--r--
8149070: Enforce update ordering Summary: Make sure that ISE is thrown when updateAAD is called after update. Reviewed-by: mullan
/*
 * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package com.oracle.security.ucrypto;
import java.io.ByteArrayOutputStream;
import java.nio.ByteBuffer;
import java.util.Set;
import java.util.Arrays;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.SecretKeySpec;
import javax.crypto.spec.GCMParameterSpec;
import sun.security.jca.JCAUtil;
/**
 * Cipher wrapper class utilizing ucrypto APIs. This class currently supports
 * - AES/GCM/NoPADDING
 *
 * @since 9
 */
class NativeGCMCipher extends NativeCipher {
    /**
     * Concrete AES/GCM/NoPadding cipher. It adds nothing to
     * {@link NativeGCMCipher} beyond choosing the key-size argument that is
     * handed to the superclass constructor.
     */
    public static final class AesGcmNoPadding extends NativeGCMCipher {

        /**
         * Creates the cipher with {@code -1} as the fixed key size.
         * NOTE(review): -1 presumably means "no fixed key size"; confirm
         * against NativeCipher, which is not part of this listing.
         *
         * @throws NoSuchAlgorithmException propagated from the superclass
         *         constructor
         */
        public AesGcmNoPadding() throws NoSuchAlgorithmException {
            super(-1);
        }

        /**
         * Creates the cipher with a caller-chosen fixed key size.
         *
         * @param keySize value forwarded unchanged to the superclass
         *        constructor; its unit is not visible in this file
         * @throws NoSuchAlgorithmException propagated from the superclass
         *         constructor
         */
        public AesGcmNoPadding(int keySize) throws NoSuchAlgorithmException {
            super(keySize);
        }
    }
    // tag length, in bits, used for encryption when the caller supplies no
    // GCMParameterSpec
    private static final int DEFAULT_TAG_LEN = 128; // same as SunJCE provider

    // buffer for storing AAD data; if null, meaning buffer content has been
    // supplied to native context
    private ByteArrayOutputStream aadBuffer;

    // buffer for storing input in decryption, not used for encryption
    private ByteArrayOutputStream ibuffer;

    // authentication tag length in bits; divided by 8 wherever a byte count
    // is needed
    private int tagLen = DEFAULT_TAG_LEN;

    /*
     * variables used for performing the GCM (key+iv) uniqueness check.
     * To use GCM mode safely, the cipher object must be re-initialized
     * with a different combination of key + iv values for each
     * ENCRYPTION operation. However, checking all past key + iv values
     * isn't feasible. Thus, we only do a per-instance check of the
     * key + iv values used in previous encryption.
     * For decryption operations, no checking is necessary.
     *
     * Because the check is per instance, it cannot see a key + iv pair that
     * was used by another cipher object or in an earlier process; callers
     * remain responsible for never repeating an iv under the same key.
     * lastEncKey keeps a copy of the raw key bytes of the last encryption
     * init; nothing in the code shown here clears it.
     */
    private boolean requireReinit;
    private byte[] lastEncKey = null;
    private byte[] lastEncIv = null;
    /**
     * Binds this cipher to the ucrypto AES-GCM mechanism.
     *
     * @param fixedKeySize forwarded unchanged to the {@link NativeCipher}
     *        constructor
     * @throws NoSuchAlgorithmException propagated from the superclass
     *         constructor
     */
    NativeGCMCipher(int fixedKeySize) throws NoSuchAlgorithmException {
        super(UcryptoMech.CRYPTO_AES_GCM, fixedKeySize);
    }
    /**
     * Creates the native context on demand, handing it whatever AAD has been
     * buffered so far.
     *
     * <p>Does nothing when the cipher is already initialized. Otherwise the
     * stored direction, key, iv and tag length are passed to
     * {@code init(...)} together with the buffered AAD, or {@code null} when
     * no AAD bytes were collected.
     *
     * @throws UcryptoException if the native context could not be created
     */
    @Override
    protected void ensureInitialized() {
        if (initialized) {
            return;
        }

        // Snapshot the AAD before calling init(): init() runs reset(true),
        // which empties aadBuffer.
        final boolean hasAad = (aadBuffer != null) && (aadBuffer.size() > 0);
        final byte[] bufferedAad = hasAad ? aadBuffer.toByteArray() : null;

        init(encrypt, keyValue, iv, tagLen, bufferedAad);

        // null marks "AAD has been supplied to the native context".
        // NOTE(review): the update-ordering check that reads this marker
        // lives outside this method; confirm it rejects late AAD.
        aadBuffer = null;

        if (!initialized) {
            throw new UcryptoException("Cannot initialize Cipher");
        }
    }
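    /**
     * Computes an output buffer size for an update or doFinal call.
     *
     * <p>Encryption adds the tag length (in bytes) on doFinal. Decryption
     * adds whatever is held in {@code ibuffer} and subtracts the tag length.
     * A negative result is reported as 0.
     *
     * <p>The sum is formed in {@code long}. With {@code int} arithmetic a
     * size above {@link Integer#MAX_VALUE} wraps, and a wrapped negative
     * value would be clamped to 0 below, telling the caller that no output
     * space is needed. How callers size their buffers from this value is not
     * visible here, so the method fails loudly instead of guessing.
     *
     * @param inLen number of input bytes; a negative value yields 0
     * @param isDoFinal {@code true} when sizing for doFinal, {@code false}
     *        for update
     * @return the computed size in bytes, never negative
     * @throws ArithmeticException if the true size does not fit in an
     *         {@code int}
     */
    @Override
    protected int getOutputSizeByOperation(int inLen, boolean isDoFinal) {
        if (inLen < 0) {
            return 0;
        }
        if (!isDoFinal && (inLen == 0)) {
            return 0;
        }

        final int tagBytes = tagLen / 8;
        long total = (long) inLen + bytesBuffered;
        if (encrypt) {
            if (isDoFinal) {
                total += tagBytes;
            }
        } else {
            if (ibuffer != null) {
                total += ibuffer.size();
            }
            total -= tagBytes;
        }
        // Same clamp as before for negative sizes; toIntExact rejects sizes
        // that int cannot represent instead of returning a wrapped value.
        return Math.toIntExact(Math.max(total, 0L));
    }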
    /**
     * Resets the superclass state and the GCM-specific buffers.
     *
     * <p>After the call {@code aadBuffer} is always a non-null, empty
     * buffer, so AAD can be collected again. {@code ibuffer} is emptied when
     * it exists. {@code requireReinit} is cleared only in decryption mode;
     * in encryption mode this method leaves it as it was.
     *
     * @param doCancel forwarded unchanged to {@code super.reset}
     */
    @Override
    protected void reset(boolean doCancel) {
        super.reset(doCancel);

        if (aadBuffer != null) {
            aadBuffer.reset();
        } else {
            aadBuffer = new ByteArrayOutputStream();
        }

        if (ibuffer != null) {
            ibuffer.reset();
        }

        // The key + iv uniqueness rule applies to encryption only.
        if (!encrypt) {
            requireReinit = false;
        }
    }
    // actual init() implementation - caller should clone key and iv if needed
    /**
     * Resets this object, records the direction, key and iv, and asks the
     * native layer for a new cipher context.
     *
     * <p>The key and iv arrays are stored by reference, not copied. The tag
     * length is only passed through to the native call; this method does not
     * update the {@code tagLen} field.
     *
     * @param encrypt {@code true} for encryption, {@code false} for decryption
     * @param keyVal raw key bytes, retained as {@code keyValue}
     * @param ivVal iv bytes, retained as {@code iv}
     * @param tLen tag length handed to the native initializer
     * @param aad additional authenticated data, or {@code null}
     * @throws UcryptoException if the native initializer returns a zero
     *         context value
     */
    protected void init(boolean encrypt, byte[] keyVal, byte[] ivVal, int tLen, byte[] aad) {
        // reset() runs before the new direction is stored, so it still sees
        // the previous value of the encrypt field.
        reset(true);
        this.encrypt = encrypt;
        this.keyValue = keyVal;
        this.iv = ivVal;

        final long nativeHandle = NativeCipher.nativeInit(
                mech.value(), encrypt, keyVal, ivVal, tLen, aad);

        // A zero handle is the failure signal from the native side.
        initialized = (nativeHandle != 0L);
        if (!initialized) {
            throw new UcryptoException("Cannot initialize Cipher");
        }
        pCtxt = new CipherContextRef(this, nativeHandle, encrypt);
    }
    // see JCE spec
    /**
     * Returns the GCM parameters (tag length and a copy of the iv) currently
     * held by this cipher.
     *
     * @return a "GCM" {@link AlgorithmParameters} object, or {@code null}
     *         when no iv has been set
     * @throws UcryptoException if the parameters object cannot be obtained
     *         or initialized
     */
    @Override
    protected synchronized AlgorithmParameters engineGetParameters() {
        if (iv == null) {
            return null;
        }
        try {
            // The iv is cloned so the caller never receives the internal array.
            final GCMParameterSpec spec = new GCMParameterSpec(tagLen, iv.clone());
            final AlgorithmParameters encoded = AlgorithmParameters.getInstance("GCM");
            encoded.init(spec);
            return encoded;
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException, NoSuchProviderException
            // InvalidParameterSpecException
            throw new UcryptoException("Could not encode parameters", e);
        }
    }
    // see JCE spec
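    /**
     * Initializes the cipher from a key and an optional
     * {@link GCMParameterSpec}.
     *
     * <p>With a spec, its tag length and iv are used. Without one, encryption
     * (and wrap) falls back to {@code DEFAULT_TAG_LEN} and a random iv of
     * {@code blockSize} bytes, while decryption is rejected. For encryption
     * the key + iv pair is compared with the pair of the previous encryption
     * init on this instance and rejected when both match.
     *
     * <p>The method copies the encoded key. That copy is zeroed when
     * initialization is rejected before the copy has been stored, so refused
     * calls do not leave stray key material on the heap.
     *
     * @param opmode one of the {@link Cipher} ENCRYPT/DECRYPT/WRAP/UNWRAP modes
     * @param key the key; validated by {@code checkKey}
     * @param params a {@link GCMParameterSpec}, or {@code null}
     * @param random randomness for iv generation; when {@code null} the
     *        provider default from {@code JCAUtil} is used
     * @throws InvalidKeyException propagated from {@code checkKey}
     * @throws InvalidAlgorithmParameterException for an unsupported mode, a
     *         non-GCM spec, missing decryption parameters, or a repeated
     *         key + iv pair for encryption
     */
    @Override
    protected synchronized void engineInit(int opmode, Key key,
            AlgorithmParameterSpec params, SecureRandom random)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        checkKey(key);
        if (opmode != Cipher.ENCRYPT_MODE &&
            opmode != Cipher.DECRYPT_MODE &&
            opmode != Cipher.WRAP_MODE &&
            opmode != Cipher.UNWRAP_MODE) {
            throw new InvalidAlgorithmParameterException
                ("Unsupported mode: " + opmode);
        }
        aadBuffer = new ByteArrayOutputStream();
        boolean doEncrypt = (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE);
        byte[] keyBytes = key.getEncoded().clone();
        byte[] ivBytes = null;

        // Becomes true once keyBytes is (or is about to be) owned by this
        // object; until then a failure wipes the private copy.
        boolean keyRetained = false;
        try {
            if (params != null) {
                if (!(params instanceof GCMParameterSpec)) {
                    throw new InvalidAlgorithmParameterException("GCMParameterSpec required." +
                        " Received: " + params.getClass().getName());
                }
                GCMParameterSpec gcmSpec = (GCMParameterSpec) params;
                // NOTE(review): the tag length is taken as supplied and no
                // range check is visible in this method. NIST SP 800-38D
                // lists 128, 120, 112, 104 and 96 bits for general use;
                // confirm that the native layer rejects anything else.
                tagLen = gcmSpec.getTLen();
                ivBytes = gcmSpec.getIV();
            } else if (doEncrypt) {
                tagLen = DEFAULT_TAG_LEN;

                // generate IV if none supplied for encryption
                ivBytes = new byte[blockSize];
                if (random == null) {
                    random = JCAUtil.getSecureRandom();
                }
                random.nextBytes(ivBytes);
            } else {
                throw new InvalidAlgorithmParameterException("Parameters required for decryption");
            }

            if (doEncrypt) {
                // The iv is public, so a plain comparison is fine; the key
                // comparison goes through MessageDigest.isEqual.
                requireReinit = Arrays.equals(ivBytes, lastEncIv) &&
                    MessageDigest.isEqual(keyBytes, lastEncKey);
                if (requireReinit) {
                    throw new InvalidAlgorithmParameterException
                        ("Cannot reuse iv for GCM encryption");
                }
                lastEncIv = ivBytes;
                lastEncKey = keyBytes;
                ibuffer = null;
            } else {
                requireReinit = false;
                ibuffer = new ByteArrayOutputStream();
            }
            keyRetained = true;
        } finally {
            if (!keyRetained) {
                Arrays.fill(keyBytes, (byte) 0);
            }
        }
        init(doEncrypt, keyBytes, ivBytes, tagLen, null);
    }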
    // see JCE spec
    /**
     * Initializes the cipher from an {@link AlgorithmParameters} object by
     * converting it to a {@link GCMParameterSpec} and delegating to the
     * spec-based {@code engineInit}.
     *
     * @param opmode cipher mode, forwarded unchanged
     * @param key the key, forwarded unchanged
     * @param params encoded GCM parameters, or {@code null} for none
     * @param random randomness source, forwarded unchanged
     * @throws InvalidKeyException propagated from the spec-based overload
     * @throws InvalidAlgorithmParameterException if {@code params} cannot be
     *         converted to a {@link GCMParameterSpec}, or propagated from the
     *         spec-based overload
     */
    @Override
    protected synchronized void engineInit(int opmode, Key key, AlgorithmParameters params,
            SecureRandom random)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        AlgorithmParameterSpec gcmSpec;
        if (params == null) {
            gcmSpec = null;
        } else {
            try {
                // mech must be UcryptoMech.CRYPTO_AES_GCM
                gcmSpec = params.getParameterSpec(GCMParameterSpec.class);
            } catch (InvalidParameterSpecException iaps) {
                throw new InvalidAlgorithmParameterException(iaps);
            }
        }
        // Declared as AlgorithmParameterSpec so the spec-based overload is chosen.
        engineInit(opmode, key, gcmSpec, random);
    }
    // see JCE spec
    // Feeds more input to the cipher and returns whatever output is available.
    //
    // The first data call after init closes the AAD phase: any AAD collected by
    // engineUpdateAAD is passed to init(...) and aadBuffer is set to null, which is what makes
    // a later engineUpdateAAD call fail with IllegalStateException.
    //
    // When decrypting, input is only appended to ibuffer and null is returned; the buffered
    // bytes are handed to the native layer in engineDoFinal. ibuffer therefore grows with
    // the total ciphertext length, so callers should bound the size of messages they accept.
    @Override
    protected synchronized byte[] engineUpdate(byte[] in, int inOfs, int inLen) {
        if (aadBuffer != null) {
            if (aadBuffer.size() > 0) {
                // init again with AAD data
                byte[] aad = aadBuffer.toByteArray();
                init(encrypt, keyValue, iv, tagLen, aad);
            }
            aadBuffer = null;
        }
        // Key/IV reuse guard: set after an encryption doFinal and cleared only by a re-init.
        if (requireReinit) {
            throw new IllegalStateException
                ("Must use either different key or iv for GCM encryption");
        }
        if (inLen <= 0) {
            return null;
        }
        if (encrypt) {
            return super.engineUpdate(in, inOfs, inLen);
        }
        ibuffer.write(in, inOfs, inLen);
        return null;
    }
    // see JCE spec
    // Feeds more input to the cipher, writing any output into 'out' at 'outOfs', and returns
    // the number of bytes written.
    //
    // The output-space check runs first and uses getOutputSizeByOperation(inLen, false).
    // After that the method mirrors the byte[]-returning engineUpdate: buffered AAD is passed
    // to init(...) once and aadBuffer is set to null, the key/IV reuse guard is enforced, and
    // decryption input is only appended to ibuffer (0 is returned) until engineDoFinal.
    @Override
    protected synchronized int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out,
            int outOfs) throws ShortBufferException {
        int needed = getOutputSizeByOperation(inLen, false);
        int available = out.length - outOfs;
        if (available < needed) {
            throw new ShortBufferException("Output buffer must be (at least) " + needed
                + " bytes long. Got: " + available);
        }
        if (aadBuffer != null) {
            if (aadBuffer.size() > 0) {
                // init again with AAD data
                byte[] aad = aadBuffer.toByteArray();
                init(encrypt, keyValue, iv, tagLen, aad);
            }
            aadBuffer = null;
        }
        // Key/IV reuse guard: set after an encryption doFinal and cleared only by a re-init.
        if (requireReinit) {
            throw new IllegalStateException
                ("Must use either different key or iv for GCM encryption");
        }
        if (inLen <= 0) {
            return 0;
        }
        if (encrypt) {
            return super.engineUpdate(in, inOfs, inLen, out, outOfs);
        }
        ibuffer.write(in, inOfs, inLen);
        return 0;
    }
    // see JCE spec
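    // Appends srcLen bytes of additional authenticated data (AAD), starting at srcOfs, to the
    // pending AAD buffer.
    //
    // Throws IllegalArgumentException when src is null or the (srcOfs, srcLen) range does not
    // lie inside src. Throws IllegalStateException when the cipher has not been initialised,
    // when it must be re-initialised with a different key or IV, or when a data update has
    // already been made (aadBuffer is null by then), because AAD has to precede all data.
    @Override
    protected synchronized void engineUpdateAAD(byte[] src, int srcOfs, int srcLen)
            throws IllegalStateException {

        // Range check written without 'srcOfs + srcLen' so it cannot wrap around for large
        // values, and with an explicit negative-length test; both cases previously slipped
        // past this check and only failed later inside the buffer write.
        if ((src == null) || (srcOfs < 0) || (srcLen < 0)
                || (srcLen > src.length - srcOfs)) {
            throw new IllegalArgumentException("Invalid AAD");
        }
        if (keyValue == null) {
            throw new IllegalStateException("Need to initialize Cipher first");
        }
        // Key/IV reuse guard: set after an encryption doFinal and cleared only by a re-init.
        if (requireReinit) {
            throw new IllegalStateException
                ("Must use either different key or iv for GCM encryption");
        }
        if (aadBuffer == null) {
            // update has already been called
            throw new IllegalStateException
                ("Update has been called; no more AAD data");
        }
        aadBuffer.write(src, srcOfs, srcLen);
    }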
    // see JCE spec
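    // Appends the remaining bytes of 'src' as additional authenticated data (AAD) to the
    // pending AAD buffer; the buffer's position is advanced past the bytes consumed.
    //
    // Declared synchronized like every other engine method here that reads or updates
    // aadBuffer and requireReinit, so the state checks and the buffer write are made under
    // the same lock as a concurrent update or doFinal.
    //
    // Throws IllegalArgumentException when src is null. Throws IllegalStateException when the
    // cipher has not been initialised, when it must be re-initialised with a different key or
    // IV, or when a data update has already been made (aadBuffer is null by then).
    @Override
    protected synchronized void engineUpdateAAD(ByteBuffer src)
            throws IllegalStateException {
        if (src == null) {
            throw new IllegalArgumentException("Invalid AAD");
        }
        if (keyValue == null) {
            throw new IllegalStateException("Need to initialize Cipher first");
        }
        // Key/IV reuse guard: set after an encryption doFinal and cleared only by a re-init.
        if (requireReinit) {
            throw new IllegalStateException
                ("Must use either different key or iv for GCM encryption");
        }
        if (aadBuffer == null) {
            // update has already been called
            throw new IllegalStateException
                ("Update has been called; no more AAD data");
        }
        if (src.hasRemaining()) {
            // Copy out of the ByteBuffer first: it may be a direct buffer with no backing array.
            byte[] srcBytes = new byte[src.remaining()];
            src.get(srcBytes);
            aadBuffer.write(srcBytes, 0, srcBytes.length);
        }
    }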
    // see JCE spec
    // Completes the operation and returns the output as a new array.
    //
    // A scratch array of getOutputSizeByOperation(inLen, true) bytes is allocated and filled
    // by the five-argument engineDoFinal; it is trimmed when fewer bytes were produced.
    // Because the scratch array is sized by this method, a ShortBufferException from the
    // delegate is reported as an internal error rather than passed on.
    @Override
    protected synchronized byte[] engineDoFinal(byte[] in, int inOfs, int inLen)
            throws IllegalBlockSizeException, BadPaddingException {
        byte[] result = new byte[getOutputSizeByOperation(inLen, true)];
        try {
            // delegate to the other engineDoFinal(...) method
            int produced = engineDoFinal(in, inOfs, inLen, result, 0);
            return (produced == result.length) ? result : Arrays.copyOf(result, produced);
        } catch (ShortBufferException e) {
            throw new UcryptoException("Internal Error", e);
        }
    }
    // see JCE spec
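    // Completes the operation, writing the output into 'out' at 'outOfs', and returns the
    // number of bytes written.
    //
    // Order of work:
    //  1. reject an output buffer smaller than getOutputSizeByOperation(inLen, true);
    //  2. if no data update has happened yet, pass any buffered AAD to init(...) and set
    //     aadBuffer to null;
    //  3. enforce the key/IV reuse guard;
    //  4. when decrypting, append this call's input to ibuffer and process everything
    //     buffered so far in a single native call;
    //  5. in all cases, set requireReinit = encrypt in the finally block, so an encrypting
    //     cipher cannot be used again with the same key and IV, whether or not this call
    //     succeeded.
    //
    // Throws ShortBufferException when 'out' is too small, and AEADBadTagException when
    // decrypting and either the buffered input is shorter than the tag or the native layer
    // reports CRYPTO_INVALID_MAC. Callers must treat AEADBadTagException as "message not
    // authentic" and must not use any bytes in 'out'.
    @Override
    protected synchronized int engineDoFinal(byte[] in, int inOfs, int inLen,
                                             byte[] out, int outOfs)
        throws ShortBufferException, IllegalBlockSizeException,
               BadPaddingException {
        int len = getOutputSizeByOperation(inLen, true);
        if (out.length - outOfs < len) {
            throw new ShortBufferException("Output buffer must be "
                + "(at least) " + len + " bytes long. Got: " +
                (out.length - outOfs));
        }
        if (aadBuffer != null) {
            if (aadBuffer.size() > 0) {
                // init again with AAD data
                init(encrypt, keyValue, iv, tagLen, aadBuffer.toByteArray());
            }
            aadBuffer = null;
        }
        if (requireReinit) {
            throw new IllegalStateException
                ("Must use either different key or iv for GCM encryption");
        }
        if (!encrypt) {
            if (inLen > 0) {
                ibuffer.write(in, inOfs, inLen);
            }
            inLen = ibuffer.size();
            // tagLen is compared as tagLen/8 bytes against the buffered byte count
            if (inLen < tagLen/8) {
                // Otherwise, Solaris lib will error out w/ CRYPTO_BUFFER_TOO_SMALL
                // when ucrypto_decrypt_final() is called
                throw new AEADBadTagException("Input too short - need tag." +
                    " inLen: " + inLen + ". tagLen: " + tagLen);
            }
            // refresh 'in' to all buffered-up bytes
            in = ibuffer.toByteArray();
            inOfs = 0;
            ibuffer.reset();
        }
        try {
            return super.engineDoFinal(in, inOfs, inLen, out, outOfs);
        } catch (UcryptoException ue) {
            // Constant-first comparison: an exception carrying no message must be passed up
            // unchanged, not replaced by a NullPointerException that hides the native error.
            if ("CRYPTO_INVALID_MAC".equals(ue.getMessage())) {
                AEADBadTagException badTag = new AEADBadTagException("Tag does not match");
                // keep the native failure as the cause for diagnostics
                badTag.initCause(ue);
                throw badTag;
            }
            // pass it up
            throw ue;
        } finally {
            requireReinit = encrypt;
        }
    }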
}