Mercurial Mercurial > jdk-sandbox / annotate
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
author eosterlund
Mon, 29 Jul 2019 13:57:54 +0200
changeset 57582 a79a819a8218
parent 49789 27b359322b1e
permissions -rw-r--r--
8227407: ZGC: C2 loads and load barriers can get separated by safepoints Reviewed-by: neliasso, smonteith, roland
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
27182
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     1
 
/*
49789
27b359322b1e 8193409: Improve AES supporting classes
apetcher
parents: 47216
diff changeset 
     2
 
 * Copyright (c) 2014, 2018, Oracle and/or its affiliates. All rights reserved.
27182
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     3
 
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     4
 
 *
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     5
 
 * This code is free software; you can redistribute it and/or modify it
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     6
 
 * under the terms of the GNU General Public License version 2 only, as
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     7
 
 * published by the Free Software Foundation.  Oracle designates this
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     8
 
 * particular file as subject to the "Classpath" exception as provided
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
     9
 
 * by Oracle in the LICENSE file that accompanied this code.
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    10
 
 *
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    11
 
 * This code is distributed in the hope that it will be useful, but WITHOUT
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    12
 
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    13
 
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    14
 
 * version 2 for more details (a copy is included in the LICENSE file that
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    15
 
 * accompanied this code).
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    16
 
 *
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    17
 
 * You should have received a copy of the GNU General Public License version
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    18
 
 * 2 along with this work; if not, write to the Free Software Foundation,
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    19
 
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    20
 
 *
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    21
 
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    22
 
 * or visit www.oracle.com if you need additional information or have any
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    23
 
 * questions.
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    24
 
 */
4525d13b8af1 8046002: Move Ucrypto to the open jdk repo
valeriep
parents:
diff changeset 
    25
 












4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    26


package com.oracle.security.ucrypto;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    27














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    28


import java.io.ByteArrayOutputStream;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    29


import java.nio.ByteBuffer;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    30














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    31


import java.util.Set;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    32


import java.util.Arrays;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    33


import java.security.*;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    34


import java.security.spec.*;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    35


import javax.crypto.*;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    36


import javax.crypto.spec.SecretKeySpec;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    37


import javax.crypto.spec.GCMParameterSpec;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    38









35287






e59d934ce2ba
8134605: Partial rework of the fix for 8081297



igerasim


parents: 
32646

diff
changeset




    39


import sun.security.jca.JCAUtil;













e59d934ce2ba
8134605: Partial rework of the fix for 8081297



igerasim


parents: 
32646

diff
changeset




    40









27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    41


/**













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    42


 * Cipher wrapper class utilizing ucrypto APIs. This class currently supports













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    43


 * - AES/GCM/NoPADDING













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    44


 *








35302






e4d2275861c3
8136494: Update "@since 1.9" to "@since 9" to match java.version.specification



iris


parents: 
35287

diff
changeset




    45


 * @since 9








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    46


 */













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    47


class NativeGCMCipher extends NativeCipher {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    48














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    49


    public static final class AesGcmNoPadding extends NativeGCMCipher {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    50


        public AesGcmNoPadding() throws NoSuchAlgorithmException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    51


            super(-1);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    52


        }








31270






e6470b24700d
7191662: JCE providers should be located via ServiceLoader



valeriep


parents: 
30915

diff
changeset




    53


        public AesGcmNoPadding(int keySize) throws NoSuchAlgorithmException {













e6470b24700d
7191662: JCE providers should be located via ServiceLoader



valeriep


parents: 
30915

diff
changeset




    54


            super(keySize);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    55


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    56


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    57














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    58


    private static final int DEFAULT_TAG_LEN = 128; // same as SunJCE provider













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    59









39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    60


    // same as SunJCE provider, see GaloisCounterMode.java for details













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    61


    private static final int MAX_BUF_SIZE = Integer.MAX_VALUE;













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    62









27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    63


    // buffer for storing AAD data; if null, meaning buffer content has been













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    64


    // supplied to native context








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




    65


    private ByteArrayOutputStream aadBuffer;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    66














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    67


    // buffer for storing input in decryption, not used for encryption








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




    68


    private ByteArrayOutputStream ibuffer;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    69









39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    70


    // needed for checking against MAX_BUF_SIZE













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    71


    private int processed;













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    72









27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    73


    private int tagLen = DEFAULT_TAG_LEN;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    74














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    75


    /*













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    76


     * variables used for performing the GCM (key+iv) uniqueness check.













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    77


     * To use GCM mode safely, the cipher object must be re-initialized













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    78


     * with a different combination of key + iv values for each













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    79


     * ENCRYPTION operation. However, checking all past key + iv values













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    80


     * isn't feasible. Thus, we only do a per-instance check of the













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    81


     * key + iv values used in previous encryption.













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    82


     * For decryption operations, no checking is necessary.













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    83


     */








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




    84


    private boolean requireReinit;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    85


    private byte[] lastEncKey = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    86


    private byte[] lastEncIv = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




    87









39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    88


    private void checkAndUpdateProcessed(int len) {













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    89


        // Currently, cipher text and tag are packed in one byte array, so













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    90


        // the impl-specific limit for input data size is (MAX_BUF_SIZE - tagLen)













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    91


        int inputDataLimit = MAX_BUF_SIZE - tagLen;













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    92














365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    93


        if (processed > inputDataLimit - len) {













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    94


            throw new ProviderException("OracleUcrypto provider only supports " +













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    95


                "input size up to " + inputDataLimit + " bytes");













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    96


        }













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    97


        processed += len;













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    98


    }













365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




    99









27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   100


    NativeGCMCipher(int fixedKeySize) throws NoSuchAlgorithmException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   101


        super(UcryptoMech.CRYPTO_AES_GCM, fixedKeySize);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   102


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   103














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   104


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   105


    protected void ensureInitialized() {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   106


        if (!initialized) {








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   107


            byte[] aad = null;













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   108


            if (aadBuffer != null) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   109


                if (aadBuffer.size() > 0) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   110


                    aad = aadBuffer.toByteArray();













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   111


                }








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   112


            }








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   113


            init(encrypt, keyValue, iv, tagLen, aad);













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   114


            aadBuffer = null;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   115


            if (!initialized) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   116


                throw new UcryptoException("Cannot initialize Cipher");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   117


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   118


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   119


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   120














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   121


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   122


    protected int getOutputSizeByOperation(int inLen, boolean isDoFinal) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   123


        if (inLen < 0) return 0;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   124














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   125


        if (!isDoFinal && (inLen == 0)) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   126


            return 0;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   127


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   128














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   129


        int result = inLen + bytesBuffered;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   130


        if (encrypt) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   131


            if (isDoFinal) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   132


                result += tagLen/8;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   133


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   134


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   135


            if (ibuffer != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   136


                result += ibuffer.size();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   137


            }








30915






504f95d17f58
8081792: buffer size calculation issue in NativeGCMCipher



xuelei


parents: 
27182

diff
changeset




   138


            result -= tagLen/8;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   139


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   140


        if (result < 0) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   141


            result = 0;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   142


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   143


        return result;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   144


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   145














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   146


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   147


    protected void reset(boolean doCancel) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   148


        super.reset(doCancel);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   149


        if (aadBuffer == null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   150


            aadBuffer = new ByteArrayOutputStream();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   151


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   152


            aadBuffer.reset();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   153


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   154














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   155


        if (ibuffer != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   156


            ibuffer.reset();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   157


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   158


        if (!encrypt) requireReinit = false;








39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




   159


        processed = 0;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   160


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   161














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   162


    // actual init() implementation - caller should clone key and iv if needed













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   163


    protected void init(boolean encrypt, byte[] keyVal, byte[] ivVal, int tLen, byte[] aad) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   164


        reset(true);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   165


        this.encrypt = encrypt;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   166


        this.keyValue = keyVal;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   167


        this.iv = ivVal;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   168


        long pCtxtVal = NativeCipher.nativeInit(mech.value(), encrypt, keyValue, iv,













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   169


            tLen, aad);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   170


        initialized = (pCtxtVal != 0L);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   171


        if (initialized) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   172


            pCtxt = new CipherContextRef(this, pCtxtVal, encrypt);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   173


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   174


            throw new UcryptoException("Cannot initialize Cipher");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   175


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   176


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   177














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   178


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   179


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   180


    protected synchronized AlgorithmParameters engineGetParameters() {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   181


        AlgorithmParameters params = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   182


        try {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   183


            if (iv != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   184


                GCMParameterSpec gcmSpec = new GCMParameterSpec(tagLen, iv.clone());













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   185


                params = AlgorithmParameters.getInstance("GCM");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   186


                params.init(gcmSpec);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   187


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   188


        } catch (GeneralSecurityException e) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   189


            // NoSuchAlgorithmException, NoSuchProviderException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   190


            // InvalidParameterSpecException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   191


            throw new UcryptoException("Could not encode parameters", e);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   192


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   193


        return params;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   194


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   195














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   196


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   197


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   198


    protected synchronized void engineInit(int opmode, Key key,













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   199


            AlgorithmParameterSpec params, SecureRandom random)













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   200


            throws InvalidKeyException, InvalidAlgorithmParameterException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   201


        checkKey(key);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   202


        if (opmode != Cipher.ENCRYPT_MODE &&













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   203


            opmode != Cipher.DECRYPT_MODE &&













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   204


            opmode != Cipher.WRAP_MODE &&













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   205


            opmode != Cipher.UNWRAP_MODE) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   206


            throw new InvalidAlgorithmParameterException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   207


                ("Unsupported mode: " + opmode);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   208


        }








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   209


        aadBuffer = new ByteArrayOutputStream();








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   210


        boolean doEncrypt = (opmode == Cipher.ENCRYPT_MODE || opmode == Cipher.WRAP_MODE);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   211


        byte[] keyBytes = key.getEncoded().clone();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   212


        byte[] ivBytes = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   213


        if (params != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   214


            if (!(params instanceof GCMParameterSpec)) {








32646






db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   215


                throw new InvalidAlgorithmParameterException("GCMParameterSpec required." +













db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   216


                    " Received: " + params.getClass().getName());








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   217


            } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   218


                tagLen = ((GCMParameterSpec) params).getTLen();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   219


                ivBytes = ((GCMParameterSpec) params).getIV();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   220


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   221


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   222


            if (doEncrypt) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   223


                tagLen = DEFAULT_TAG_LEN;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   224














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   225


                // generate IV if none supplied for encryption













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   226


                ivBytes = new byte[blockSize];








35287






e59d934ce2ba
8134605: Partial rework of the fix for 8081297



igerasim


parents: 
32646

diff
changeset




   227


                if (random == null) {













e59d934ce2ba
8134605: Partial rework of the fix for 8081297



igerasim


parents: 
32646

diff
changeset




   228


                    random = JCAUtil.getSecureRandom();













e59d934ce2ba
8134605: Partial rework of the fix for 8081297



igerasim


parents: 
32646

diff
changeset




   229


                }













e59d934ce2ba
8134605: Partial rework of the fix for 8081297



igerasim


parents: 
32646

diff
changeset




   230


                random.nextBytes(ivBytes);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   231


            } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   232


                throw new InvalidAlgorithmParameterException("Parameters required for decryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   233


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   234


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   235


        if (doEncrypt) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   236


            requireReinit = Arrays.equals(ivBytes, lastEncIv) &&








31695






4d10942c9a7b
8074865: General crypto resilience changes



valeriep


parents: 
31270

diff
changeset




   237


                MessageDigest.isEqual(keyBytes, lastEncKey);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   238


            if (requireReinit) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   239


                throw new InvalidAlgorithmParameterException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   240


                    ("Cannot reuse iv for GCM encryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   241


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   242


            lastEncIv = ivBytes;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   243


            lastEncKey = keyBytes;








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   244


            ibuffer = null;








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   245


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   246


            requireReinit = false;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   247


            ibuffer = new ByteArrayOutputStream();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   248


        }








49789






27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   249


        try {













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   250


            init(doEncrypt, keyBytes, ivBytes, tagLen, null);













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   251


        } catch (UcryptoException ex) {













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   252


            if (ex.getError() ==













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   253


                UcryptoException.Error.CRYPTO_MECHANISM_PARAM_INVALID) {













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   254














27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   255


                throw new InvalidAlgorithmParameterException(ex.getMessage());













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   256


            } else {













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   257


                throw ex;













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   258


            }













27b359322b1e
8193409: Improve AES supporting classes



apetcher


parents: 
47216

diff
changeset




   259


        }








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   260


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   261














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   262


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   263


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   264


    protected synchronized void engineInit(int opmode, Key key, AlgorithmParameters params,













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   265


            SecureRandom random)













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   266


            throws InvalidKeyException, InvalidAlgorithmParameterException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   267


        AlgorithmParameterSpec spec = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   268


        if (params != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   269


            try {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   270


                // mech must be UcryptoMech.CRYPTO_AES_GCM













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   271


                spec = params.getParameterSpec(GCMParameterSpec.class);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   272


            } catch (InvalidParameterSpecException iaps) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   273


                throw new InvalidAlgorithmParameterException(iaps);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   274


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   275


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   276


        engineInit(opmode, key, spec, random);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   277


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   278














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   279


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   280


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   281


    protected synchronized byte[] engineUpdate(byte[] in, int inOfs, int inLen) {








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   282


        if (aadBuffer != null) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   283


            if (aadBuffer.size() > 0) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   284


                // init again with AAD data













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   285


                init(encrypt, keyValue, iv, tagLen, aadBuffer.toByteArray());













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   286


            }








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   287


            aadBuffer = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   288


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   289


        if (requireReinit) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   290


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   291


                ("Must use either different key or iv for GCM encryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   292


        }








39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




   293


        checkAndUpdateProcessed(inLen);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   294


        if (inLen > 0) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   295


            if (!encrypt) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   296


                ibuffer.write(in, inOfs, inLen);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   297


                return null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   298


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   299


            return super.engineUpdate(in, inOfs, inLen);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   300


        } else return null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   301


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   302














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   303


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   304


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   305


    protected synchronized int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out,













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   306


            int outOfs) throws ShortBufferException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   307


        int len = getOutputSizeByOperation(inLen, false);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   308


        if (out.length - outOfs < len) {








32646






db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   309


            throw new ShortBufferException("Output buffer must be " +













db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   310


                 "(at least) " + len + " bytes long. Got: " +













db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   311


                 (out.length - outOfs));








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   312


        }








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   313


        if (aadBuffer != null) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   314


            if (aadBuffer.size() > 0) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   315


                // init again with AAD data













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   316


                init(encrypt, keyValue, iv, tagLen, aadBuffer.toByteArray());













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   317


            }








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   318


            aadBuffer = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   319


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   320


        if (requireReinit) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   321


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   322


                ("Must use either different key or iv for GCM encryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   323


        }








39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




   324


        checkAndUpdateProcessed(inLen);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   325


        if (inLen > 0) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   326


            if (!encrypt) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   327


                ibuffer.write(in, inOfs, inLen);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   328


                return 0;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   329


            } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   330


                return super.engineUpdate(in, inOfs, inLen, out, outOfs);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   331


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   332


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   333


        return 0;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   334


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   335














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   336


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   337


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   338


    protected synchronized void engineUpdateAAD(byte[] src, int srcOfs, int srcLen)













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   339


            throws IllegalStateException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   340














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   341


        if ((src == null) || (srcOfs < 0) || (srcOfs + srcLen > src.length)) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   342


            throw new IllegalArgumentException("Invalid AAD");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   343


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   344


        if (keyValue == null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   345


            throw new IllegalStateException("Need to initialize Cipher first");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   346


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   347


        if (requireReinit) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   348


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   349


                ("Must use either different key or iv for GCM encryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   350


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   351


        if (aadBuffer != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   352


            aadBuffer.write(src, srcOfs, srcLen);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   353


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   354


            // update has already been called













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   355


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   356


                ("Update has been called; no more AAD data");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   357


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   358


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   359














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   360


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   361


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   362


    protected void engineUpdateAAD(ByteBuffer src)













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   363


            throws IllegalStateException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   364


        if (src == null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   365


            throw new IllegalArgumentException("Invalid AAD");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   366


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   367


        if (keyValue == null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   368


            throw new IllegalStateException("Need to initialize Cipher first");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   369


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   370


        if (requireReinit) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   371


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   372


                ("Must use either different key or iv for GCM encryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   373


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   374


        if (aadBuffer != null) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   375


            if (src.hasRemaining()) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   376


                byte[] srcBytes = new byte[src.remaining()];













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   377


                src.get(srcBytes);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   378


                aadBuffer.write(srcBytes, 0, srcBytes.length);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   379


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   380


        } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   381


            // update has already been called













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   382


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   383


                ("Update has been called; no more AAD data");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   384


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   385


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   386














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   387


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   388


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   389


    protected synchronized byte[] engineDoFinal(byte[] in, int inOfs, int inLen)













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   390


            throws IllegalBlockSizeException, BadPaddingException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   391


        byte[] out = new byte[getOutputSizeByOperation(inLen, true)];













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   392


        try {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   393


            // delegate to the other engineDoFinal(...) method













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   394


            int k = engineDoFinal(in, inOfs, inLen, out, 0);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   395


            if (out.length != k) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   396


                out = Arrays.copyOf(out, k);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   397


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   398


            return out;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   399


        } catch (ShortBufferException e) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   400


            throw new UcryptoException("Internal Error", e);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   401


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   402


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   403














4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   404


    // see JCE spec













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   405


    @Override













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   406


    protected synchronized int engineDoFinal(byte[] in, int inOfs, int inLen,













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   407


                                             byte[] out, int outOfs)













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   408


        throws ShortBufferException, IllegalBlockSizeException,













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   409


               BadPaddingException {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   410


        int len = getOutputSizeByOperation(inLen, true);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   411


        if (out.length - outOfs < len) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   412


            throw new ShortBufferException("Output buffer must be "








32646






db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   413


                + "(at least) " + len + " bytes long. Got: " +













db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   414


                (out.length - outOfs));








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   415


        }








39750






982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   416


        if (aadBuffer != null) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   417


            if (aadBuffer.size() > 0) {













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   418


                // init again with AAD data













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   419


                init(encrypt, keyValue, iv, tagLen, aadBuffer.toByteArray());













982b75e31495
8149070: Enforce update ordering



valeriep


parents: 
35302

diff
changeset




   420


            }








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   421


            aadBuffer = null;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   422


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   423


        if (requireReinit) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   424


            throw new IllegalStateException













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   425


                ("Must use either different key or iv for GCM encryption");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   426


        }








39752






365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




   427














365d487907ac
8146514: Enforce GCM limits



valeriep


parents: 
39750

diff
changeset




   428


        checkAndUpdateProcessed(inLen);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   429


        if (!encrypt) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   430


            if (inLen > 0) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   431


                ibuffer.write(in, inOfs, inLen);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   432


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   433


            inLen = ibuffer.size();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   434


            if (inLen < tagLen/8) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   435


                // Otherwise, Solaris lib will error out w/ CRYPTO_BUFFER_TOO_SMALL













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   436


                // when ucrypto_decrypt_final() is called








32646






db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   437


                throw new AEADBadTagException("Input too short - need tag." +













db7c5592a47f
8133535: Better exception messaging in Ucrypto code



coffeys


parents: 
31695

diff
changeset




   438


                    " inLen: " + inLen + ". tagLen: " + tagLen);








27182






4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   439


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   440


            // refresh 'in' to all buffered-up bytes













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   441


            in = ibuffer.toByteArray();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   442


            inOfs = 0;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   443


            ibuffer.reset();













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   444


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   445


        try {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   446


            return super.engineDoFinal(in, inOfs, inLen, out, outOfs);













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   447


        } catch (UcryptoException ue) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   448


            if (ue.getMessage().equals("CRYPTO_INVALID_MAC")) {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   449


                throw new AEADBadTagException("Tag does not match");













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   450


            } else {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   451


                // pass it up













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   452


                throw ue;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   453


            }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   454


        } finally {













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   455


            requireReinit = encrypt;













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   456


        }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   457


    }













4525d13b8af1
8046002: Move Ucrypto to the open jdk repo



valeriep


parents: 

diff
changeset




   458


}















jdk-sandbox