jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SSLCipher.java@b152d06ed6a9 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	28	import java.nio.ByteBuffer;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	29	import java.security.AccessController;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	30	import java.security.GeneralSecurityException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	31	import java.security.InvalidAlgorithmParameterException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	32	import java.security.InvalidKeyException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	33	import java.security.Key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	34	import java.security.PrivilegedAction;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	35	import java.security.SecureRandom;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	36	import java.security.Security;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	37	import java.security.spec.AlgorithmParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	38	import java.util.AbstractMap.SimpleImmutableEntry;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	39	import java.util.Arrays;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	40	import java.util.HashMap;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	41	import java.util.Map;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	42	import javax.crypto.BadPaddingException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	43	import javax.crypto.Cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	44	import javax.crypto.IllegalBlockSizeException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	45	import javax.crypto.SecretKey;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	46	import javax.crypto.ShortBufferException;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	47	import javax.crypto.spec.GCMParameterSpec;
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	48	import javax.crypto.spec.IvParameterSpec;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	49	import sun.security.ssl.Authenticator.MAC;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	50	import static sun.security.ssl.CipherType.*;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	51	import static sun.security.ssl.JsseJce.*;
2 90ce3da70b43 Initial load duke parents: diff changeset	52
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	53	enum SSLCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	54	// exportable ciphers
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	55	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	56	B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true, true,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	57	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	58	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	59	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	60	new NullReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	61	ProtocolVersion.PROTOCOLS_OF_NONE
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	62	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	63	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	64	new NullReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	65	ProtocolVersion.PROTOCOLS_TO_13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	66	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	67	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	68	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	69	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	70	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	71	new NullWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	72	ProtocolVersion.PROTOCOLS_OF_NONE
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	73	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	74	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	75	new NullWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	76	ProtocolVersion.PROTOCOLS_TO_13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	77	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	78	})),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	79
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	80	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	81	B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true, true,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	82	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	83	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	84	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	85	new StreamReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	86	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	87	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	88	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	89	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	90	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	91	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	92	new StreamWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	93	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	94	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	95	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	96
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	97	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	98	B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false, true,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	99	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	100	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	101	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	102	new StreamReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	103	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	104	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	105	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	106	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	107	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	108	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	109	new StreamWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	110	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	111	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	112	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	113
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	114	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	115	B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true, true,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	116	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	117	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	118	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	119	new T10BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	120	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	121	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	122	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	123	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	124	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	125	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	126	new T10BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	127	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	128	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	129	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	130
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	131	// domestic strength ciphers
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	132	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	133	B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 16, 0, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	134	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	135	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	136	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	137	new StreamReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	138	ProtocolVersion.PROTOCOLS_TO_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	139	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	140	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	141	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	142	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	143	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	144	new StreamWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	145	ProtocolVersion.PROTOCOLS_TO_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	146	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	147	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	148
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	149	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	150	B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 8, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	151	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	152	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	153	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	154	new T10BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	155	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	156	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	157	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	158	new T11BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	159	ProtocolVersion.PROTOCOLS_OF_11
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	160	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	161	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	162	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	163	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	164	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	165	new T10BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	166	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	167	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	168	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	169	new T11BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	170	ProtocolVersion.PROTOCOLS_OF_11
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	171	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	172	})),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	173
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	174	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	175	B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 24, 8, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	176	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	177	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	178	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	179	new T10BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	180	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	181	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	182	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	183	new T11BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	184	ProtocolVersion.PROTOCOLS_11_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	185	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	186	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	187	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	188	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	189	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	190	new T10BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	191	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	192	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	193	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	194	new T11BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	195	ProtocolVersion.PROTOCOLS_11_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	196	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	197	})),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	198
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	199	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	200	B_IDEA("IDEA", BLOCK_CIPHER, 16, 16, 8, 0, false, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	201	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	202	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	203	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	204	null,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	205	ProtocolVersion.PROTOCOLS_TO_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	206	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	207	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	208	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	209	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	210	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	211	null,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	212	ProtocolVersion.PROTOCOLS_TO_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	213	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	214	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	215
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	216	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	217	B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 16, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	218	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	219	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	220	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	221	new T10BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	222	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	223	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	224	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	225	new T11BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	226	ProtocolVersion.PROTOCOLS_11_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	227	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	228	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	229	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	230	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	231	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	232	new T10BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	233	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	234	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	235	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	236	new T11BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	237	ProtocolVersion.PROTOCOLS_11_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	238	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	239	})),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	240
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	241	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	242	B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 32, 16, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	243	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	244	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	245	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	246	new T10BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	247	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	248	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	249	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	250	new T11BlockReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	251	ProtocolVersion.PROTOCOLS_11_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	252	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	253	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	254	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	255	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	256	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	257	new T10BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	258	ProtocolVersion.PROTOCOLS_TO_10
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	259	),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	260	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	261	new T11BlockWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	262	ProtocolVersion.PROTOCOLS_11_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	263	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	264	})),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	265
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	266	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	267	B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 16, 12, 4, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	268	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	269	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	270	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	271	new T12GcmReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	272	ProtocolVersion.PROTOCOLS_OF_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	273	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	274	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	275	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	276	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	277	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	278	new T12GcmWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	279	ProtocolVersion.PROTOCOLS_OF_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	280	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	281	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	282
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	283	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	284	B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 32, 12, 4, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	285	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	286	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	287	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	288	new T12GcmReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	289	ProtocolVersion.PROTOCOLS_OF_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	290	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	291	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	292	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	293	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	294	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	295	new T12GcmWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	296	ProtocolVersion.PROTOCOLS_OF_12
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	297	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	298	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	299
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	300	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	301	B_AES_128_GCM_IV(CIPHER_AES_GCM, AEAD_CIPHER, 16, 16, 12, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	302	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	303	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	304	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	305	new T13GcmReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	306	ProtocolVersion.PROTOCOLS_OF_13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	307	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	308	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	309	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	310	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	311	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	312	new T13GcmWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	313	ProtocolVersion.PROTOCOLS_OF_13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	314	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	315	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	316
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	317	@SuppressWarnings({"unchecked", "rawtypes"})
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	318	B_AES_256_GCM_IV(CIPHER_AES_GCM, AEAD_CIPHER, 32, 32, 12, 0, true, false,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	319	(Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	320	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	321	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	322	new T13GcmReadCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	323	ProtocolVersion.PROTOCOLS_OF_13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	324	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	325	}),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	326	(Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	327	ProtocolVersion[]>[])(new Map.Entry[] {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	328	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	329	new T13GcmWriteCipherGenerator(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	330	ProtocolVersion.PROTOCOLS_OF_13
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	331	)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	332	}));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	333
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	334	// descriptive name including key size, e.g. AES/128
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	335	final String description;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	336
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	337	// JCE cipher transformation string, e.g. AES/CBC/NoPadding
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	338	final String transformation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	339
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	340	// algorithm name, e.g. AES
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	341	final String algorithm;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	342
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	343	// supported and compile time enabled. Also see isAvailable()
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	344	final boolean allowed;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	345
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	346	// number of bytes of entropy in the key
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	347	final int keySize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	348
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	349	// length of the actual cipher key in bytes.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	350	// for non-exportable ciphers, this is the same as keySize
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	351	final int expandedKeySize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	352
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	353	// size of the IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	354	final int ivSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	355
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	356	// size of fixed IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	357	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	358	// record_iv_length = ivSize - fixedIvSize
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	359	final int fixedIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	360
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	361	// exportable under 512/40 bit rules
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	362	final boolean exportable;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	363
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	364	// Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	365	final CipherType cipherType;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	366
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	367	// size of the authentication tag, only applicable to cipher suites in
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	368	// Galois Counter Mode (GCM)
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	369	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	370	// As far as we know, all supported GCM cipher suites use 128-bits
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	371	// authentication tags.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	372	final int tagSize = 16;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	373
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	374	// runtime availability
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	375	private final boolean isAvailable;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	376
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	377	private final Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	378	ProtocolVersion[]>[] readCipherGenerators;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	379	private final Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	380	ProtocolVersion[]>[] writeCipherGenerators;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	381
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	382	// Map of Ciphers listed in jdk.tls.KeyLimit
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	383	private static final HashMap<String, Long> cipherLimits = new HashMap<>();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	384
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	385	// Keywords found on the jdk.tls.KeyLimit security property.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	386	final static String tag[] = {"KEYUPDATE"};
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	387
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	388	static {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	389	final long max = 4611686018427387904L; // 2^62
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	390	String prop = AccessController.doPrivileged(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	391	new PrivilegedAction<String>() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	392	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	393	public String run() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	394	return Security.getProperty("jdk.tls.keyLimits");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	395	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	396	});
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	397
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	398	if (prop != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	399	String propvalue[] = prop.split(",");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	400
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	401	for (String entry : propvalue) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	402	int index;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	403	// If this is not a UsageLimit, goto to next entry.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	404	String values[] = entry.trim().toUpperCase().split(" ");
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	405
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	406	if (values[1].contains(tag[0])) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	407	index = 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	408	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	409	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	410	SSLLogger.fine("jdk.net.keyLimits: Unknown action: " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	411	entry);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	412	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	413	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	414	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	415
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	416	long size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	417	int i = values[2].indexOf("^");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	418	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	419	if (i >= 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	420	size = (long) Math.pow(2,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	421	Integer.parseInt(values[2].substring(i + 1)));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	422	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	423	size = Long.parseLong(values[2]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	424	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	425	if (size < 1 \|\| size > max) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	426	throw new NumberFormatException("Length exceeded limits");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	427	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	428	} catch (NumberFormatException e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	429	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	430	SSLLogger.fine("jdk.net.keyLimits: " + e.getMessage() +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	431	": " + entry);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	432	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	433	continue;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	434	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	435	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	436	SSLLogger.fine("jdk.net.keyLimits: entry = " + entry +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	437	". " + values[0] + ":" + tag[index] + " = " + size);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	438	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	439	cipherLimits.put(values[0] + ":" + tag[index], size);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	440	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	441	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	442	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	443
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	444	private SSLCipher(String transformation,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	445	CipherType cipherType, int keySize,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	446	int expandedKeySize, int ivSize,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	447	int fixedIvSize, boolean allowed, boolean exportable,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	448	Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	449	ProtocolVersion[]>[] readCipherGenerators,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	450	Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	451	ProtocolVersion[]>[] writeCipherGenerators) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	452	this.transformation = transformation;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	453	String[] splits = transformation.split("/");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	454	this.algorithm = splits[0];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	455	this.cipherType = cipherType;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	456	this.description = this.algorithm + "/" + (keySize << 3);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	457	this.keySize = keySize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	458	this.ivSize = ivSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	459	this.fixedIvSize = fixedIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	460	this.allowed = allowed;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	461
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	462	this.expandedKeySize = expandedKeySize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	463	this.exportable = exportable;
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 7039 diff changeset	464
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	465	// availability of this bulk cipher
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	466	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	467	// We assume all supported ciphers are always available since they are
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	468	// shipped with the SunJCE provider. However, AES/256 is unavailable
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	469	// when the default JCE policy jurisdiction files are installed because
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	470	// of key length restrictions.
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	471	this.isAvailable = allowed && isUnlimited(keySize, transformation);
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	472
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	473	this.readCipherGenerators = readCipherGenerators;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	474	this.writeCipherGenerators = writeCipherGenerators;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	475	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	476
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	477	SSLReadCipher createReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	478	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	479	SecretKey key, IvParameterSpec iv,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	480	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	481	if (readCipherGenerators.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	482	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	483	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	484
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	485	ReadCipherGenerator rcg = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	486	for (Map.Entry<ReadCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	487	ProtocolVersion[]> me : readCipherGenerators) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	488	for (ProtocolVersion pv : me.getValue()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	489	if (protocolVersion == pv) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	490	rcg = me.getKey();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	491	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	492	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	493	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	494
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	495	if (rcg != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	496	return rcg.createCipher(this, authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	497	protocolVersion, transformation, key, iv, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	498	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	499	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	500	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	501
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	502	SSLWriteCipher createWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	503	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	504	SecretKey key, IvParameterSpec iv,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	505	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	506	if (readCipherGenerators.length == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	507	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	508	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	509
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	510	WriteCipherGenerator rcg = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	511	for (Map.Entry<WriteCipherGenerator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	512	ProtocolVersion[]> me : writeCipherGenerators) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	513	for (ProtocolVersion pv : me.getValue()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	514	if (protocolVersion == pv) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	515	rcg = me.getKey();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	516	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	517	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	518	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	519
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	520	if (rcg != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	521	return rcg.createCipher(this, authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	522	protocolVersion, transformation, key, iv, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	523	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	524	return null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	525	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	526
2 90ce3da70b43 Initial load duke parents: diff changeset	527	/**
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	528	* Test if this bulk cipher is available. For use by CipherSuite.
2 90ce3da70b43 Initial load duke parents: diff changeset	529	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	530	boolean isAvailable() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	531	return this.isAvailable;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	532	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	533
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	534	private static boolean isUnlimited(int keySize, String transformation) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	535	int keySizeInBits = keySize * 8;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	536	if (keySizeInBits > 128) { // need the JCE unlimited
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	537	// strength jurisdiction policy
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	538	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	539	if (Cipher.getMaxAllowedKeyLength(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	540	transformation) < keySizeInBits) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	541	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	542	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	543	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	544	return false;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	545	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	546	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	547
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	548	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	549	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	550
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	551	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	552	public String toString() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	553	return description;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	554	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	555
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	556	interface ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	557	SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	558	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	559	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	560	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	561	SecureRandom random) throws GeneralSecurityException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	562	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	563
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	564	abstract static class SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	565	final Authenticator authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	566	final ProtocolVersion protocolVersion;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	567	SecretKey baseSecret;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	568
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	569	SSLReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	570	ProtocolVersion protocolVersion) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	571	this.authenticator = authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	572	this.protocolVersion = protocolVersion;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	573	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	574
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	575	static final SSLReadCipher nullTlsReadCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	576	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	577	return B_NULL.createReadCipher(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	578	Authenticator.nullTlsMac(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	579	ProtocolVersion.NONE, null, null, null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	580	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	581	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	582	throw new RuntimeException("Cannot create NULL SSLCipher", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	583	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	584	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	585
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	586	static final SSLReadCipher nullDTlsReadCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	587	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	588	return B_NULL.createReadCipher(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	589	Authenticator.nullDtlsMac(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	590	ProtocolVersion.NONE, null, null, null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	591	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	592	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	593	throw new RuntimeException("Cannot create NULL SSLCipher", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	594	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	595	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	596
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	597	abstract Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	598	byte[] sequence) throws GeneralSecurityException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	599
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	600	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	601	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	602	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	603
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	604	abstract int estimateFragmentSize(int packetSize, int headerSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	605
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	606	boolean isNullCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	607	return false;
2 90ce3da70b43 Initial load duke parents: diff changeset	608	}
90ce3da70b43 Initial load duke parents: diff changeset	609	}
90ce3da70b43 Initial load duke parents: diff changeset	610
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	611	interface WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	612	SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	613	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	614	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	615	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	616	SecureRandom random) throws GeneralSecurityException;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	617	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	618
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	619	abstract static class SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	620	final Authenticator authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	621	final ProtocolVersion protocolVersion;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	622	boolean keyLimitEnabled = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	623	long keyLimitCountdown = 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	624	SecretKey baseSecret;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	625
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	626	SSLWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	627	ProtocolVersion protocolVersion) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	628	this.authenticator = authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	629	this.protocolVersion = protocolVersion;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	630	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	631
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	632	abstract int encrypt(byte contentType, ByteBuffer bb);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	633
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	634	static final SSLWriteCipher nullTlsWriteCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	635	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	636	return B_NULL.createWriteCipher(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	637	Authenticator.nullTlsMac(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	638	ProtocolVersion.NONE, null, null, null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	639	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	640	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	641	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	642	"Cannot create NULL SSL write Cipher", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	643	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	644	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	645
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	646	static final SSLWriteCipher nullDTlsWriteCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	647	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	648	return B_NULL.createWriteCipher(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	649	Authenticator.nullDtlsMac(),
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	650	ProtocolVersion.NONE, null, null, null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	651	} catch (GeneralSecurityException gse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	652	// unlikely
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	653	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	654	"Cannot create NULL SSL write Cipher", gse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	655	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	656	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	657
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	658	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	659	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	660	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	661
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	662	abstract int getExplicitNonceSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	663	abstract int calculateFragmentSize(int packetLimit, int headerSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	664	abstract int calculatePacketSize(int fragmentSize, int headerSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	665
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	666	boolean isCBCMode() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	667	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	668	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	669
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	670	boolean isNullCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	671	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	672	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	673
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	674	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	675	* Check if processed bytes have reached the key usage limit.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	676	* If key usage limit is not be monitored, return false.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	677	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	678	public boolean atKeyLimit() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	679	if (keyLimitCountdown >= 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	680	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	681	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	682
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	683	// Turn off limit checking as KeyUpdate will be occurring
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	684	keyLimitEnabled = false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	685	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	686	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	687	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	688
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	689	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	690	class NullReadCipherGenerator implements ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	691	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	692	public SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	693	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	694	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	695	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	696	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	697	return new NullReadCipher(authenticator, protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	698	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	699
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	700	static final class NullReadCipher extends SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	701	NullReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	702	ProtocolVersion protocolVersion) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	703	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	704	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	705
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	706	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	707	public Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	708	byte[] sequence) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	709	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	710	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	711	checkStreamMac(signer, bb, contentType, sequence);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	712	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	713	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	714	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	715
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	716	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	717	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	718	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	719	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	720
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	721	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	722	int estimateFragmentSize(int packetSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	723	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	724	return packetSize - headerSize - macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	725	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	726
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	727	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	728	boolean isNullCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	729	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	730	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	731	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	732	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	733
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	734	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	735	class NullWriteCipherGenerator implements WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	736	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	737	public SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	738	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	739	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	740	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	741	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	742	return new NullWriteCipher(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	743	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	744
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	745	static final class NullWriteCipher extends SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	746	NullWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	747	ProtocolVersion protocolVersion) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	748	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	749	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	750
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	751	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	752	public int encrypt(byte contentType, ByteBuffer bb) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	753	// add message authentication code
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	754	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	755	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	756	addMac(signer, bb, contentType);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	757	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	758	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	759	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	760
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	761	int len = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	762	bb.position(bb.limit());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	763	return len;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	764	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	765
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	766
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	767	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	768	int getExplicitNonceSize() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	769	return 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	770	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	771
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	772	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	773	int calculateFragmentSize(int packetLimit, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	774	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	775	return packetLimit - headerSize - macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	776	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	777
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	778	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	779	int calculatePacketSize(int fragmentSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	780	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	781	return fragmentSize + headerSize + macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	782	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	783
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	784	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	785	boolean isNullCipher() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	786	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	787	}
2 90ce3da70b43 Initial load duke parents: diff changeset	788	}
90ce3da70b43 Initial load duke parents: diff changeset	789	}
90ce3da70b43 Initial load duke parents: diff changeset	790
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	791	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	792	class StreamReadCipherGenerator implements ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	793	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	794	public SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	795	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	796	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	797	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	798	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	799	return new StreamReadCipher(authenticator, protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	800	algorithm, key, params, random);
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	801	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	802
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	803	static final class StreamReadCipher extends SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	804	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	805
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	806	StreamReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	807	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	808	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	809	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	810	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	811	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	812	cipher.init(Cipher.DECRYPT_MODE, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	813	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	814
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	815	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	816	public Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	817	byte[] sequence) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	818	int len = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	819	int pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	820	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	821	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	822	if (len != cipher.update(dup, bb)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	823	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	824	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	825	"Unexpected number of plaintext bytes");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	826	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	827	if (bb.position() != dup.position()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	828	throw new RuntimeException(
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	829	"Unexpected ByteBuffer position");
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	830	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	831	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	832	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	833	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	834	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	835	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	836	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	837	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	838	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	839	"Plaintext after DECRYPTION", bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	840	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	841
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	842	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	843	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	844	checkStreamMac(signer, bb, contentType, sequence);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	845	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	846	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	847	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	848
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	849	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	850	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	851	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	852	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	853
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	854	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	855	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	856	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	857	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	858	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	859	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	860	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	861	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	862	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	863	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	864
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	865	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	866	int estimateFragmentSize(int packetSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	867	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	868	return packetSize - headerSize - macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	869	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	870	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	871	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	872
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	873	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	874	class StreamWriteCipherGenerator implements WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	875	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	876	public SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	877	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	878	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	879	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	880	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	881	return new StreamWriteCipher(authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	882	protocolVersion, algorithm, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	883	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	884
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	885	static final class StreamWriteCipher extends SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	886	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	887
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	888	StreamWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	889	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	890	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	891	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	892	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	893	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	894	cipher.init(Cipher.ENCRYPT_MODE, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	895	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	896
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	897	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	898	public int encrypt(byte contentType, ByteBuffer bb) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	899	// add message authentication code
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	900	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	901	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	902	addMac(signer, bb, contentType);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	903	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	904	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	905	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	906
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	907	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	908	SSLLogger.finest(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	909	"Padded plaintext before ENCRYPTION", bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	910	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	911
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	912	int len = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	913	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	914	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	915	if (len != cipher.update(dup, bb)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	916	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	917	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	918	"Unexpected number of plaintext bytes");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	919	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	920	if (bb.position() != dup.position()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	921	throw new RuntimeException(
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	922	"Unexpected ByteBuffer position");
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	923	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	924	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	925	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	926	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	927	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	928	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	929
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	930	return len;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	931	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	932
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	933	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	934	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	935	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	936	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	937	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	938	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	939	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	940	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	941	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	942	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	943
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	944	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	945	int getExplicitNonceSize() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	946	return 0;
2 90ce3da70b43 Initial load duke parents: diff changeset	947	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	948
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	949	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	950	int calculateFragmentSize(int packetLimit, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	951	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	952	return packetLimit - headerSize - macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	953	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	954
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	955	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	956	int calculatePacketSize(int fragmentSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	957	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	958	return fragmentSize + headerSize + macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	959	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	960	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	961	}
2 90ce3da70b43 Initial load duke parents: diff changeset	962
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	963	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	964	class T10BlockReadCipherGenerator implements ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	965	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	966	public SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	967	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	968	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	969	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	970	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	971	return new BlockReadCipher(authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	972	protocolVersion, algorithm, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	973	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	974
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	975	static final class BlockReadCipher extends SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	976	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	977
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	978	BlockReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	979	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	980	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	981	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	982	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	983	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	984	cipher.init(Cipher.DECRYPT_MODE, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	985	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	986
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	987	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	988	public Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	989	byte[] sequence) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	990	BadPaddingException reservedBPE = null;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	991
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	992	// sanity check length of the ciphertext
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	993	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	994	int cipheredLength = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	995	int tagLen = signer.macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	996	if (tagLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	997	if (!sanityCheck(tagLen, bb.remaining())) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	998	reservedBPE = new BadPaddingException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	999	"ciphertext sanity check failed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1000	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1001	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1002	// decryption
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1003	int len = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1004	int pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1005	ByteBuffer dup = bb.duplicate();
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1006	try {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1007	if (len != cipher.update(dup, bb)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1008	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1009	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1010	"Unexpected number of plaintext bytes");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1011	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1012
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1013	if (bb.position() != dup.position()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1014	throw new RuntimeException(
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1015	"Unexpected ByteBuffer position");
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1016	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1017	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1018	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1019	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1020	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1021	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1022
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1023	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1024	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1025	"Padded plaintext after DECRYPTION",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1026	bb.duplicate().position(pos));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1027	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1028
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1029	// remove the block padding
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1030	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1031	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1032	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1033	removePadding(bb, tagLen, blockSize, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1034	} catch (BadPaddingException bpe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1035	if (reservedBPE == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1036	reservedBPE = bpe;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1037	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1038	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1039
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1040	// Requires message authentication code for null, stream and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1041	// block cipher suites.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1042	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1043	if (tagLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1044	checkCBCMac(signer, bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1045	contentType, cipheredLength, sequence);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1046	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1047	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1048	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1049	} catch (BadPaddingException bpe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1050	if (reservedBPE == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1051	reservedBPE = bpe;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1052	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1053	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1054
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1055	// Is it a failover?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1056	if (reservedBPE != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1057	throw reservedBPE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1058	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1059
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1060	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1061	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1062	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1063	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1064
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1065	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1066	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1067	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1068	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1069	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1070	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1071	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1072	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1073	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1074	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1075
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1076	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1077	int estimateFragmentSize(int packetSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1078	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1079
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1080	// No padding for a maximum fragment.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1081	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1082	// 1 byte padding length field: 0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1083	return packetSize - headerSize - macLen - 1;
2 90ce3da70b43 Initial load duke parents: diff changeset	1084	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1085
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1086	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1087	* Sanity check the length of a fragment before decryption.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1088	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1089	* In CBC mode, check that the fragment length is one or multiple
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1090	* times of the block size of the cipher suite, and is at least
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1091	* one (one is the smallest size of padding in CBC mode) bigger
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1092	* than the tag size of the MAC algorithm except the explicit IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1093	* size for TLS 1.1 or later.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1094	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1095	* In non-CBC mode, check that the fragment length is not less than
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1096	* the tag size of the MAC algorithm.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1097	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1098	* @return true if the length of a fragment matches above
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1099	* requirements
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1100	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1101	private boolean sanityCheck(int tagLen, int fragmentLen) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1102	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1103	if ((fragmentLen % blockSize) == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1104	int minimal = tagLen + 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1105	minimal = (minimal >= blockSize) ? minimal : blockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1106
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1107	return (fragmentLen >= minimal);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1108	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1109
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1110	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1111	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1112	}
90ce3da70b43 Initial load duke parents: diff changeset	1113	}
90ce3da70b43 Initial load duke parents: diff changeset	1114
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1115	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1116	class T10BlockWriteCipherGenerator implements WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1117	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1118	public SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1119	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1120	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1121	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1122	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1123	return new BlockWriteCipher(authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1124	protocolVersion, algorithm, key, params, random);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1125	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1126
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1127	static final class BlockWriteCipher extends SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1128	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1129
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1130	BlockWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1131	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1132	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1133	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1134	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1135	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1136	cipher.init(Cipher.ENCRYPT_MODE, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1137	}
90ce3da70b43 Initial load duke parents: diff changeset	1138
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1139	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1140	public int encrypt(byte contentType, ByteBuffer bb) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1141	int pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1142
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1143	// add message authentication code
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1144	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1145	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1146	addMac(signer, bb, contentType);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1147	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1148	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1149	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1150
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1151	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1152	int len = addPadding(bb, blockSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1153	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1154
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1155	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1156	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1157	"Padded plaintext before ENCRYPTION",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1158	bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1159	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1160
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1161	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1162	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1163	if (len != cipher.update(dup, bb)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1164	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1165	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1166	"Unexpected number of plaintext bytes");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1167	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1168
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1169	if (bb.position() != dup.position()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1170	throw new RuntimeException(
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1171	"Unexpected ByteBuffer position");
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1172	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1173	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1174	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1175	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1176	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1178
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1179	return len;
2 90ce3da70b43 Initial load duke parents: diff changeset	1180	}
90ce3da70b43 Initial load duke parents: diff changeset	1181
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1182	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1183	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1184	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1185	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1186	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1187	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1188	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1189	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1190	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1191	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1192
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1193	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1194	int getExplicitNonceSize() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1195	return 0;
2 90ce3da70b43 Initial load duke parents: diff changeset	1196	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1197
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1198	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1199	int calculateFragmentSize(int packetLimit, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1200	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1201	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1202	int fragLen = packetLimit - headerSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1203	fragLen -= (fragLen % blockSize); // cannot hold a block
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1204	// No padding for a maximum fragment.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1205	fragLen -= 1; // 1 byte padding length field: 0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1206	fragLen -= macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1207	return fragLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1208	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1209
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1210	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1211	int calculatePacketSize(int fragmentSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1212	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1213	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1214	int paddedLen = fragmentSize + macLen + 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1215	if ((paddedLen % blockSize) != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1216	paddedLen += blockSize - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1217	paddedLen -= paddedLen % blockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1218	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1219
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1220	return headerSize + paddedLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1221	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1222
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1223	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1224	boolean isCBCMode() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1225	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1226	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1227	}
90ce3da70b43 Initial load duke parents: diff changeset	1228	}
90ce3da70b43 Initial load duke parents: diff changeset	1229
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1230	// For TLS 1.1 and 1.2
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1231	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1232	class T11BlockReadCipherGenerator implements ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1233	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1234	public SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1235	Authenticator authenticator, ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1236	String algorithm, Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1237	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1238	return new BlockReadCipher(authenticator, protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1239	sslCipher, algorithm, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1240	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1241
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1242	static final class BlockReadCipher extends SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1243	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1244
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1245	BlockReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1246	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1247	SSLCipher sslCipher, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1248	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1249	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1250	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1251	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1252	if (params == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1253	params = new IvParameterSpec(new byte[sslCipher.ivSize]);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1254	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1255	cipher.init(Cipher.DECRYPT_MODE, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1256	}
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	1257
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1258	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1259	public Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1260	byte[] sequence) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1261	BadPaddingException reservedBPE = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1262
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1263	// sanity check length of the ciphertext
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1264	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1265	int cipheredLength = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1266	int tagLen = signer.macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1267	if (tagLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1268	if (!sanityCheck(tagLen, bb.remaining())) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1269	reservedBPE = new BadPaddingException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1270	"ciphertext sanity check failed");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1271	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1272	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1273
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1274	// decryption
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1275	int len = bb.remaining();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1276	int pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1277	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1278	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1279	if (len != cipher.update(dup, bb)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1280	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1281	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1282	"Unexpected number of plaintext bytes");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1283	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1284
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1285	if (bb.position() != dup.position()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1286	throw new RuntimeException(
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1287	"Unexpected ByteBuffer position");
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1288	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1289	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1290	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1291	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1292	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1293	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1294
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1295	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1296	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1297	"Padded plaintext after DECRYPTION",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1298	bb.duplicate().position(pos));
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1299	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1300
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1301	// Ignore the explicit nonce.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1302	bb.position(pos + cipher.getBlockSize());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1303	pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1304
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1305	// remove the block padding
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1306	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1307	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1308	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1309	removePadding(bb, tagLen, blockSize, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1310	} catch (BadPaddingException bpe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1311	if (reservedBPE == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1312	reservedBPE = bpe;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1313	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1314	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1315
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1316	// Requires message authentication code for null, stream and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1317	// block cipher suites.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1318	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1319	if (tagLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1320	checkCBCMac(signer, bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1321	contentType, cipheredLength, sequence);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1322	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1323	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1324	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1325	} catch (BadPaddingException bpe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1326	if (reservedBPE == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1327	reservedBPE = bpe;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1328	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1329	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1330
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1331	// Is it a failover?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1332	if (reservedBPE != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1333	throw reservedBPE;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1334	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1335
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1336	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1337	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1338	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1339	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1340
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1341	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1342	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1343	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1344	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1345	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1346	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1347	// swallow all types of exceptions.
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1348	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1349	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1350	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1351
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1352	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1353	int estimateFragmentSize(int packetSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1354	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1355
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1356	// No padding for a maximum fragment.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1357	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1358	// 1 byte padding length field: 0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1359	int nonceSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1360	return packetSize - headerSize - nonceSize - macLen - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1361	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1362
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1363	/**
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1364	* Sanity check the length of a fragment before decryption.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1365	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1366	* In CBC mode, check that the fragment length is one or multiple
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1367	* times of the block size of the cipher suite, and is at least
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1368	* one (one is the smallest size of padding in CBC mode) bigger
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1369	* than the tag size of the MAC algorithm except the explicit IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1370	* size for TLS 1.1 or later.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1371	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1372	* In non-CBC mode, check that the fragment length is not less than
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1373	* the tag size of the MAC algorithm.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1374	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1375	* @return true if the length of a fragment matches above
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1376	* requirements
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1377	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1378	private boolean sanityCheck(int tagLen, int fragmentLen) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1379	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1380	if ((fragmentLen % blockSize) == 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1381	int minimal = tagLen + 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1382	minimal = (minimal >= blockSize) ? minimal : blockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1383	minimal += blockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1384
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1385	return (fragmentLen >= minimal);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1386	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1387
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1388	return false;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1389	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1390	}
90ce3da70b43 Initial load duke parents: diff changeset	1391	}
90ce3da70b43 Initial load duke parents: diff changeset	1392
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1393	// For TLS 1.1 and 1.2
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1394	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1395	class T11BlockWriteCipherGenerator implements WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1396	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1397	public SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1398	Authenticator authenticator, ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1399	String algorithm, Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1400	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1401	return new BlockWriteCipher(authenticator, protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1402	sslCipher, algorithm, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1403	}
90ce3da70b43 Initial load duke parents: diff changeset	1404
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1405	static final class BlockWriteCipher extends SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1406	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1407	private final SecureRandom random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1408
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1409	BlockWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1410	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1411	SSLCipher sslCipher, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1412	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1413	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1414	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1415	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1416	this.random = random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1417	if (params == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1418	params = new IvParameterSpec(new byte[sslCipher.ivSize]);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1419	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1420	cipher.init(Cipher.ENCRYPT_MODE, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1421	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1422
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1423	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1424	public int encrypt(byte contentType, ByteBuffer bb) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1425	// To be unique and aware of overflow-wrap, sequence number
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1426	// is used as the nonce_explicit of block cipher suites.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1427	int pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1428
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1429	// add message authentication code
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1430	MAC signer = (MAC)authenticator;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1431	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1432	addMac(signer, bb, contentType);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1433	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1434	authenticator.increaseSequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1435	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1436
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1437	// DON'T WORRY, the nonce spaces are considered already.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1438	byte[] nonce = new byte[cipher.getBlockSize()];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1439	random.nextBytes(nonce);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1440	pos = pos - nonce.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1441	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1442	bb.put(nonce);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1443	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1444
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1445	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1446	int len = addPadding(bb, blockSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1447	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1448
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1449	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1450	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1451	"Padded plaintext before ENCRYPTION",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1452	bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1453	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1454
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1455	ByteBuffer dup = bb.duplicate();
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1456	try {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1457	if (len != cipher.update(dup, bb)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1458	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1459	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1460	"Unexpected number of plaintext bytes");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1461	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1462
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1463	if (bb.position() != dup.position()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1464	throw new RuntimeException(
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1465	"Unexpected ByteBuffer position");
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1466	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1467	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1468	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1469	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1470	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1471	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1472
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1473	return len;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1474	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1475
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1476	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1477	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1478	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1479	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1480	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1481	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1482	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1483	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1484	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1485	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1486
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1487	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1488	int getExplicitNonceSize() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1489	return cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1490	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1491
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1492	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1493	int calculateFragmentSize(int packetLimit, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1494	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1495	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1496	int fragLen = packetLimit - headerSize - blockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1497	fragLen -= (fragLen % blockSize); // cannot hold a block
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1498	// No padding for a maximum fragment.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1499	fragLen -= 1; // 1 byte padding length field: 0x00
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1500	fragLen -= macLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1501	return fragLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1502	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1503
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1504	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1505	int calculatePacketSize(int fragmentSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1506	int macLen = ((MAC)authenticator).macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1507	int blockSize = cipher.getBlockSize();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1508	int paddedLen = fragmentSize + macLen + 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1509	if ((paddedLen % blockSize) != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1510	paddedLen += blockSize - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1511	paddedLen -= paddedLen % blockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1512	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1513
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1514	return headerSize + blockSize + paddedLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1515	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1516
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1517	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1518	boolean isCBCMode() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1519	return true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1520	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1521	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1522	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1523
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1524	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1525	class T12GcmReadCipherGenerator implements ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1526	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1527	public SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1528	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1529	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1530	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1531	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1532	return new GcmReadCipher(authenticator, protocolVersion, sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1533	algorithm, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1534	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1535
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1536	static final class GcmReadCipher extends SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1537	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1538	private final int tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1539	private final Key key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1540	private final byte[] fixedIv;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1541	private final int recordIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1542	private final SecureRandom random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1543
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1544	GcmReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1545	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1546	SSLCipher sslCipher, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1547	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1548	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1549	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1550	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1551	this.tagSize = sslCipher.tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1552	this.key = key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1553	this.fixedIv = ((IvParameterSpec)params).getIV();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1554	this.recordIvSize = sslCipher.ivSize - sslCipher.fixedIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1555	this.random = random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1556
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1557	// DON'T initialize the cipher for AEAD!
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1558	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1559
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1560	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1561	public Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1562	byte[] sequence) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1563	if (bb.remaining() < (recordIvSize + tagSize)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1564	throw new BadPaddingException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1565	"Insufficient buffer remaining for AEAD cipher " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1566	"fragment (" + bb.remaining() + "). Needs to be " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1567	"more than or equal to IV size (" + recordIvSize +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1568	") + tag size (" + tagSize + ")");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1569	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1570
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1571	// initialize the AEAD cipher for the unique IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1572	byte[] iv = Arrays.copyOf(fixedIv,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1573	fixedIv.length + recordIvSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1574	bb.get(iv, fixedIv.length, recordIvSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1575	GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1576	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1577	cipher.init(Cipher.DECRYPT_MODE, key, spec, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1578	} catch (InvalidKeyException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1579	InvalidAlgorithmParameterException ikae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1580	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1581	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1582	"invalid key or spec in GCM mode", ikae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1583	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1584
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1585	// update the additional authentication data
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1586	byte[] aad = authenticator.acquireAuthenticationBytes(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1587	contentType, bb.remaining() - tagSize,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1588	sequence);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1589	cipher.updateAAD(aad);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1590
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1591	// DON'T decrypt the nonce_explicit for AEAD mode. The buffer
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1592	// position has moved out of the nonce_explicit range.
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1593	int len, pos = bb.position();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1594	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1595	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1596	len = cipher.doFinal(dup, bb);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1597	} catch (IllegalBlockSizeException ibse) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1598	// unlikely to happen
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1599	throw new RuntimeException(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1600	"Cipher error in AEAD mode \"" + ibse.getMessage() +
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1601	" \"in JCE provider " + cipher.getProvider().getName());
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1602	} catch (ShortBufferException sbe) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1603	// catch BouncyCastle buffering error
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1604	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1605	"JCE provider " + cipher.getProvider().getName(), sbe);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1606	}
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1607	// reset the limit to the end of the decrypted data
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1608	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1609	bb.limit(pos + len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1610
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1611	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1612	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1613	"Plaintext after DECRYPTION", bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1614	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1615
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1616	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1617	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1618	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1619	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1620
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1621	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1622	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1623	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1624	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1625	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1626	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1627	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1628	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1629	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1630	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1631
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1632	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1633	int estimateFragmentSize(int packetSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1634	return packetSize - headerSize - recordIvSize - tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1635	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1636	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1637	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1638
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1639	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1640	class T12GcmWriteCipherGenerator implements WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1641	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1642	public SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1643	Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1644	ProtocolVersion protocolVersion, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1645	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1646	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1647	return new GcmWriteCipher(authenticator, protocolVersion, sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1648	algorithm, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1649	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1650
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1651	private static final class GcmWriteCipher extends SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1652	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1653	private final int tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1654	private final Key key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1655	private final byte[] fixedIv;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1656	private final int recordIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1657	private final SecureRandom random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1658
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1659	GcmWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1660	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1661	SSLCipher sslCipher, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1662	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1663	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1664	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1665	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1666	this.tagSize = sslCipher.tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1667	this.key = key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1668	this.fixedIv = ((IvParameterSpec)params).getIV();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1669	this.recordIvSize = sslCipher.ivSize - sslCipher.fixedIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1670	this.random = random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1671
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1672	// DON'T initialize the cipher for AEAD!
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1673	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1674
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1675	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1676	public int encrypt(byte contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1677	ByteBuffer bb) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1678	// To be unique and aware of overflow-wrap, sequence number
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1679	// is used as the nonce_explicit of AEAD cipher suites.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1680	byte[] nonce = authenticator.sequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1681
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1682	// initialize the AEAD cipher for the unique IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1683	byte[] iv = Arrays.copyOf(fixedIv,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1684	fixedIv.length + nonce.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1685	System.arraycopy(nonce, 0, iv, fixedIv.length, nonce.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1686
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1687	GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1688	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1689	cipher.init(Cipher.ENCRYPT_MODE, key, spec, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1690	} catch (InvalidKeyException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1691	InvalidAlgorithmParameterException ikae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1692	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1693	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1694	"invalid key or spec in GCM mode", ikae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1695	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1696
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1697	// Update the additional authentication data, using the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1698	// implicit sequence number of the authenticator.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1699	byte[] aad = authenticator.acquireAuthenticationBytes(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1700	contentType, bb.remaining(), null);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1701	cipher.updateAAD(aad);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1702
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1703	// DON'T WORRY, the nonce spaces are considered already.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1704	bb.position(bb.position() - nonce.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1705	bb.put(nonce);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1706
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1707	// DON'T encrypt the nonce for AEAD mode.
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1708	int len, pos = bb.position();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1709	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1710	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1711	"Plaintext before ENCRYPTION",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1712	bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1713	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1714
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1715	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1716	int outputSize = cipher.getOutputSize(dup.remaining());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1717	if (outputSize > bb.remaining()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1718	// Need to expand the limit of the output buffer for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1719	// the authentication tag.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1720	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1721	// DON'T worry about the buffer's capacity, we have
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1722	// reserved space for the authentication tag.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1723	bb.limit(pos + outputSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1724	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1725
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1726	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1727	len = cipher.doFinal(dup, bb);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1728	} catch (IllegalBlockSizeException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1729	BadPaddingException \| ShortBufferException ibse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1730	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1731	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1732	"Cipher error in AEAD mode in JCE provider " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1733	cipher.getProvider().getName(), ibse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1734	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1735
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1736	if (len != outputSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1737	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1738	"Cipher buffering error in JCE provider " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1739	cipher.getProvider().getName());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1740	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1741
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1742	return len + nonce.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1743	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1744
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1745	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1746	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1747	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1748	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1749	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1750	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1751	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1752	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1753	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1754	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1755
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1756	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1757	int getExplicitNonceSize() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1758	return recordIvSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1759	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1760
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1761	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1762	int calculateFragmentSize(int packetLimit, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1763	return packetLimit - headerSize - recordIvSize - tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1764	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1765
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1766	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1767	int calculatePacketSize(int fragmentSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1768	return fragmentSize + headerSize + recordIvSize + tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1769	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1770	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1771	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1772
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1773	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1774	class T13GcmReadCipherGenerator implements ReadCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1775
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1776	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1777	public SSLReadCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1778	Authenticator authenticator, ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1779	String algorithm, Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1780	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1781	return new GcmReadCipher(authenticator, protocolVersion, sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1782	algorithm, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1783	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1784
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1785	static final class GcmReadCipher extends SSLReadCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1786	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1787	private final int tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1788	private final Key key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1789	private final byte[] iv;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1790	private final SecureRandom random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1791
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1792	GcmReadCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1793	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1794	SSLCipher sslCipher, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1795	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1796	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1797	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1798	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1799	this.tagSize = sslCipher.tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1800	this.key = key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1801	this.iv = ((IvParameterSpec)params).getIV();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1802	this.random = random;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1803
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1804	// DON'T initialize the cipher for AEAD!
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1805	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1806
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1807	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1808	public Plaintext decrypt(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1809	byte[] sequence) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1810	// An implementation may receive an unencrypted record of type
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1811	// change_cipher_spec consisting of the single byte value 0x01
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1812	// at any time after the first ClientHello message has been
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1813	// sent or received and before the peer's Finished message has
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1814	// been received and MUST simply drop it without further
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1815	// processing.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1816	if (contentType == ContentType.CHANGE_CIPHER_SPEC.id) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1817	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1818	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1819	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1820	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1821
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1822	if (bb.remaining() <= tagSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1823	throw new BadPaddingException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1824	"Insufficient buffer remaining for AEAD cipher " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1825	"fragment (" + bb.remaining() + "). Needs to be " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1826	"more than tag size (" + tagSize + ")");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1827	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1828
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1829	byte[] sn = sequence;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1830	if (sn == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1831	sn = authenticator.sequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1832	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1833	byte[] nonce = iv.clone();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1834	int offset = nonce.length - sn.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1835	for (int i = 0; i < sn.length; i++) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1836	nonce[offset + i] ^= sn[i];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1837	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1838
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1839	// initialize the AEAD cipher for the unique IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1840	GCMParameterSpec spec =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1841	new GCMParameterSpec(tagSize * 8, nonce);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1842	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1843	cipher.init(Cipher.DECRYPT_MODE, key, spec, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1844	} catch (InvalidKeyException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1845	InvalidAlgorithmParameterException ikae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1846	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1847	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1848	"invalid key or spec in GCM mode", ikae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1849	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1850
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1851	// Update the additional authentication data, using the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1852	// implicit sequence number of the authenticator.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1853	byte[] aad = authenticator.acquireAuthenticationBytes(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1854	contentType, bb.remaining(), sn);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1855	cipher.updateAAD(aad);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1856
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1857	int len, pos = bb.position();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1858	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1859	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1860	len = cipher.doFinal(dup, bb);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1861	} catch (IllegalBlockSizeException ibse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1862	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1863	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1864	"Cipher error in AEAD mode \"" + ibse.getMessage() +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1865	" \"in JCE provider " + cipher.getProvider().getName());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1866	} catch (ShortBufferException sbe) {
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1867	// catch BouncyCastle buffering error
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1868	throw new RuntimeException("Cipher buffering error in " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1869	"JCE provider " + cipher.getProvider().getName(), sbe);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1870	}
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1871	// reset the limit to the end of the decrypted data
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1872	bb.position(pos);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1873	bb.limit(pos + len);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1874
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1875	// remove inner plaintext padding
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1876	int i = bb.limit() - 1;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1877	for (; i > 0 && bb.get(i) == 0; i--) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1878	// blank
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1879	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1880	if (i < (pos + 1)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1881	throw new BadPaddingException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1882	"Incorrect inner plaintext: no content type");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1883	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1884	contentType = bb.get(i);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1885	bb.limit(i);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1886
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1887	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1888	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1889	"Plaintext after DECRYPTION", bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1890	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1891
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1892	return new Plaintext(contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1893	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1894	-1, -1L, bb.slice());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1895	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1896
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1897	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1898	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1899	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1900	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1901	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1902	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1903	// swallow all types of exceptions.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1904	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1905	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1906	}
90ce3da70b43 Initial load duke parents: diff changeset	1907
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1908	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1909	int estimateFragmentSize(int packetSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1910	return packetSize - headerSize - tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1911	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1912	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1913	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1914
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1915	private static final
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1916	class T13GcmWriteCipherGenerator implements WriteCipherGenerator {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1917	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1918	public SSLWriteCipher createCipher(SSLCipher sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1919	Authenticator authenticator, ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1920	String algorithm, Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1921	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1922	return new GcmWriteCipher(authenticator, protocolVersion, sslCipher,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1923	algorithm, key, params, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1924	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1925
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1926	private static final class GcmWriteCipher extends SSLWriteCipher {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1927	private final Cipher cipher;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1928	private final int tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1929	private final Key key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1930	private final byte[] iv;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1931	private final SecureRandom random;
2 90ce3da70b43 Initial load duke parents: diff changeset	1932
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1933	GcmWriteCipher(Authenticator authenticator,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1934	ProtocolVersion protocolVersion,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1935	SSLCipher sslCipher, String algorithm,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1936	Key key, AlgorithmParameterSpec params,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1937	SecureRandom random) throws GeneralSecurityException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1938	super(authenticator, protocolVersion);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1939	this.cipher = JsseJce.getCipher(algorithm);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1940	this.tagSize = sslCipher.tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1941	this.key = key;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1942	this.iv = ((IvParameterSpec)params).getIV();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1943	this.random = random;
2 90ce3da70b43 Initial load duke parents: diff changeset	1944
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1945	keyLimitCountdown = cipherLimits.getOrDefault(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1946	algorithm.toUpperCase() + ":" + tag[0], 0L);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1947	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1948	SSLLogger.fine("algorithm = " + algorithm.toUpperCase() +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1949	":" + tag[0] + "\ncountdown value = " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1950	keyLimitCountdown);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1951	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1952	if (keyLimitCountdown > 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1953	keyLimitEnabled = true;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1954	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1955
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1956	// DON'T initialize the cipher for AEAD!
2 90ce3da70b43 Initial load duke parents: diff changeset	1957	}
90ce3da70b43 Initial load duke parents: diff changeset	1958
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1959	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1960	public int encrypt(byte contentType,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1961	ByteBuffer bb) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1962	byte[] sn = authenticator.sequenceNumber();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1963	byte[] nonce = iv.clone();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1964	int offset = nonce.length - sn.length;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1965	for (int i = 0; i < sn.length; i++) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1966	nonce[offset + i] ^= sn[i];
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1967	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1968
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1969	// initialize the AEAD cipher for the unique IV
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1970	GCMParameterSpec spec =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1971	new GCMParameterSpec(tagSize * 8, nonce);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1972	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1973	cipher.init(Cipher.ENCRYPT_MODE, key, spec, random);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1974	} catch (InvalidKeyException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1975	InvalidAlgorithmParameterException ikae) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1976	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1977	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1978	"invalid key or spec in GCM mode", ikae);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1979	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1980
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1981	// Update the additional authentication data, using the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1982	// implicit sequence number of the authenticator.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1983	int outputSize = cipher.getOutputSize(bb.remaining());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1984	byte[] aad = authenticator.acquireAuthenticationBytes(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1985	contentType, outputSize, sn);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1986	cipher.updateAAD(aad);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1987
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	1988	int len, pos = bb.position();
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1989	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1990	SSLLogger.fine(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1991	"Plaintext before ENCRYPTION",
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1992	bb.duplicate());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1993	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1994
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1995	ByteBuffer dup = bb.duplicate();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1996	if (outputSize > bb.remaining()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1997	// Need to expand the limit of the output buffer for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1998	// the authentication tag.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	1999	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2000	// DON'T worry about the buffer's capacity, we have
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2001	// reserved space for the authentication tag.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2002	bb.limit(pos + outputSize);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2003	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2004
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2005	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2006	len = cipher.doFinal(dup, bb);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2007	} catch (IllegalBlockSizeException \|
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2008	BadPaddingException \| ShortBufferException ibse) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2009	// unlikely to happen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2010	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2011	"Cipher error in AEAD mode in JCE provider " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2012	cipher.getProvider().getName(), ibse);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2013	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2014
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2015	if (len != outputSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2016	throw new RuntimeException(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2017	"Cipher buffering error in JCE provider " +
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2018	cipher.getProvider().getName());
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2019	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2020
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2021	if (keyLimitEnabled) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2022	keyLimitCountdown -= len;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2023	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2024	return len;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2025	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2026
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2027	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2028	void dispose() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2029	if (cipher != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2030	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2031	cipher.doFinal();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2032	} catch (Exception e) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2033	// swallow all types of exceptions.
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	2034	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	2035	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2036	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2037
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2038	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2039	int getExplicitNonceSize() {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2040	return 0;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2041	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2042
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2043	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2044	int calculateFragmentSize(int packetLimit, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2045	return packetLimit - headerSize - tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2046	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2047
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2048	@Override
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2049	int calculatePacketSize(int fragmentSize, int headerSize) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2050	return fragmentSize + headerSize + tagSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2051	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2052	}
90ce3da70b43 Initial load duke parents: diff changeset	2053	}
90ce3da70b43 Initial load duke parents: diff changeset	2054
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2055	private static void addMac(MAC signer,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2056	ByteBuffer destination, byte contentType) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2057	if (signer.macAlg().size != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2058	int dstContent = destination.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2059	byte[] hash = signer.compute(contentType, destination, false);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2060
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2061	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2062	* position was advanced to limit in MAC compute above.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2063	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2064	* Mark next area as writable (above layers should have
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2065	* established that we have plenty of room), then write
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2066	* out the hash.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2067	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2068	destination.limit(destination.limit() + hash.length);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2069	destination.put(hash);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2070
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2071	// reset the position and limit
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2072	destination.position(dstContent);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2073	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2074	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2075
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2076	// for null and stream cipher
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2077	private static void checkStreamMac(MAC signer, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2078	byte contentType, byte[] sequence) throws BadPaddingException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2079	int tagLen = signer.macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2080
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2081	// Requires message authentication code for null, stream and
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2082	// block cipher suites.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2083	if (tagLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2084	int contentLen = bb.remaining() - tagLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2085	if (contentLen < 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2086	throw new BadPaddingException("bad record");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2087	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2088
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2089	// Run MAC computation and comparison on the payload.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2090	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2091	// MAC data would be stripped off during the check.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2092	if (checkMacTags(contentType, bb, signer, sequence, false)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2093	throw new BadPaddingException("bad record MAC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2094	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2095	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2096	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2097
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2098	// for CBC cipher
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2099	private static void checkCBCMac(MAC signer, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2100	byte contentType, int cipheredLength,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2101	byte[] sequence) throws BadPaddingException {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2102	BadPaddingException reservedBPE = null;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2103	int tagLen = signer.macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2104	int pos = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2105
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2106	if (tagLen != 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2107	int contentLen = bb.remaining() - tagLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2108	if (contentLen < 0) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2109	reservedBPE = new BadPaddingException("bad record");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2110
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2111	// set offset of the dummy MAC
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2112	contentLen = cipheredLength - tagLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2113	bb.limit(pos + cipheredLength);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2114	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2115
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2116	// Run MAC computation and comparison on the payload.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2117	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2118	// MAC data would be stripped off during the check.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2119	if (checkMacTags(contentType, bb, signer, sequence, false)) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2120	if (reservedBPE == null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2121	reservedBPE =
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2122	new BadPaddingException("bad record MAC");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2123	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2124	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2125
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2126	// Run MAC computation and comparison on the remainder.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2127	int remainingLen = calculateRemainingLen(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2128	signer, cipheredLength, contentLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2129
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2130	// NOTE: remainingLen may be bigger (less than 1 block of the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2131	// hash algorithm of the MAC) than the cipheredLength.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2132	//
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2133	// Is it possible to use a static buffer, rather than allocate
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2134	// it dynamically?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2135	remainingLen += signer.macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2136	ByteBuffer temporary = ByteBuffer.allocate(remainingLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2137
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2138	// Won't need to worry about the result on the remainder. And
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2139	// then we won't need to worry about what's actual data to
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2140	// check MAC tag on. We start the check from the header of the
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2141	// buffer so that we don't need to construct a new byte buffer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2142	checkMacTags(contentType, temporary, signer, sequence, true);
2 90ce3da70b43 Initial load duke parents: diff changeset	2143	}
90ce3da70b43 Initial load duke parents: diff changeset	2144
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2145	// Is it a failover?
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2146	if (reservedBPE != null) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2147	throw reservedBPE;
2 90ce3da70b43 Initial load duke parents: diff changeset	2148	}
90ce3da70b43 Initial load duke parents: diff changeset	2149	}
90ce3da70b43 Initial load duke parents: diff changeset	2150
90ce3da70b43 Initial load duke parents: diff changeset	2151	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2152	* Run MAC computation and comparison
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2153	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2154	private static boolean checkMacTags(byte contentType, ByteBuffer bb,
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2155	MAC signer, byte[] sequence, boolean isSimulated) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2156	int tagLen = signer.macAlg().size;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2157	int position = bb.position();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2158	int lim = bb.limit();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2159	int macOffset = lim - tagLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2160
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2161	bb.limit(macOffset);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2162	byte[] hash = signer.compute(contentType, bb, sequence, isSimulated);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2163	if (hash == null \|\| tagLen != hash.length) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2164	// Something is wrong with MAC implementation.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2165	throw new RuntimeException("Internal MAC error");
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2166	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2167
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2168	bb.position(macOffset);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2169	bb.limit(lim);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2170	try {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2171	int[] results = compareMacTags(bb, hash);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2172	return (results[0] != 0);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2173	} finally {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2174	// reset to the data
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2175	bb.position(position);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2176	bb.limit(macOffset);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2177	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2178	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2179
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2180	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2181	* A constant-time comparison of the MAC tags.
2 90ce3da70b43 Initial load duke parents: diff changeset	2182	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2183	* Please DON'T change the content of the ByteBuffer parameter!
2 90ce3da70b43 Initial load duke parents: diff changeset	2184	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2185	private static int[] compareMacTags(ByteBuffer bb, byte[] tag) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2186	// An array of hits is used to prevent Hotspot optimization for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2187	// the purpose of a constant-time check.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2188	int[] results = {0, 0}; // {missed #, matched #}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2189
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2190	// The caller ensures there are enough bytes available in the buffer.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2191	// So we won't need to check the remaining of the buffer.
56715 b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	2192	for (byte t : tag) {
b152d06ed6a9 code review nits and TrasnportContext constructor changes ascarpino parents: 56542 diff changeset	2193	if (bb.get() != t) {
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2194	results[0]++; // mismatched bytes
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2195	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2196	results[1]++; // matched bytes
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2197	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2198	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2199
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2200	return results;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2201	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2202
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2203	/*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2204	* Calculate the length of a dummy buffer to run MAC computation
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2205	* and comparison on the remainder.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2206	*
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2207	* The caller MUST ensure that the fullLen is not less than usedLen.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2208	*/
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2209	private static int calculateRemainingLen(
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2210	MAC signer, int fullLen, int usedLen) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2211
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2212	int blockLen = signer.macAlg().hashBlockSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2213	int minimalPaddingLen = signer.macAlg().minimalPaddingSize;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2214
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2215	// (blockLen - minimalPaddingLen) is the maximum message size of
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2216	// the last block of hash function operation. See FIPS 180-4, or
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2217	// MD5 specification.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2218	fullLen += 13 - (blockLen - minimalPaddingLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2219	usedLen += 13 - (blockLen - minimalPaddingLen);
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2220
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2221	// Note: fullLen is always not less than usedLen, and blockLen
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2222	// is always bigger than minimalPaddingLen, so we don't worry
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2223	// about negative values. 0x01 is added to the result to ensure
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2224	// that the return value is positive. The extra one byte does
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2225	// not impact the overall MAC compression function evaluations.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2226	return 0x01 + (int)(Math.ceil(fullLen/(1.0d * blockLen)) -
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2227	Math.ceil(usedLen/(1.0d * blockLen))) * blockLen;
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2228	}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2229
2 90ce3da70b43 Initial load duke parents: diff changeset	2230	private static int addPadding(ByteBuffer bb, int blockSize) {
90ce3da70b43 Initial load duke parents: diff changeset	2231
90ce3da70b43 Initial load duke parents: diff changeset	2232	int len = bb.remaining();
90ce3da70b43 Initial load duke parents: diff changeset	2233	int offset = bb.position();
90ce3da70b43 Initial load duke parents: diff changeset	2234
90ce3da70b43 Initial load duke parents: diff changeset	2235	int newlen = len + 1;
90ce3da70b43 Initial load duke parents: diff changeset	2236	byte pad;
90ce3da70b43 Initial load duke parents: diff changeset	2237	int i;
90ce3da70b43 Initial load duke parents: diff changeset	2238
90ce3da70b43 Initial load duke parents: diff changeset	2239	if ((newlen % blockSize) != 0) {
90ce3da70b43 Initial load duke parents: diff changeset	2240	newlen += blockSize - 1;
90ce3da70b43 Initial load duke parents: diff changeset	2241	newlen -= newlen % blockSize;
90ce3da70b43 Initial load duke parents: diff changeset	2242	}
90ce3da70b43 Initial load duke parents: diff changeset	2243	pad = (byte) (newlen - len);
90ce3da70b43 Initial load duke parents: diff changeset	2244
90ce3da70b43 Initial load duke parents: diff changeset	2245	/*
90ce3da70b43 Initial load duke parents: diff changeset	2246	* Update the limit to what will be padded.
90ce3da70b43 Initial load duke parents: diff changeset	2247	*/
90ce3da70b43 Initial load duke parents: diff changeset	2248	bb.limit(newlen + offset);
90ce3da70b43 Initial load duke parents: diff changeset	2249
90ce3da70b43 Initial load duke parents: diff changeset	2250	/*
90ce3da70b43 Initial load duke parents: diff changeset	2251	* TLS version of the padding works for both SSLv3 and TLSv1
90ce3da70b43 Initial load duke parents: diff changeset	2252	*/
90ce3da70b43 Initial load duke parents: diff changeset	2253	for (i = 0, offset += len; i < pad; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	2254	bb.put(offset++, (byte) (pad - 1));
90ce3da70b43 Initial load duke parents: diff changeset	2255	}
90ce3da70b43 Initial load duke parents: diff changeset	2256
90ce3da70b43 Initial load duke parents: diff changeset	2257	bb.position(offset);
90ce3da70b43 Initial load duke parents: diff changeset	2258	bb.limit(offset);
90ce3da70b43 Initial load duke parents: diff changeset	2259
90ce3da70b43 Initial load duke parents: diff changeset	2260	return newlen;
90ce3da70b43 Initial load duke parents: diff changeset	2261	}
90ce3da70b43 Initial load duke parents: diff changeset	2262
90ce3da70b43 Initial load duke parents: diff changeset	2263	private static int removePadding(ByteBuffer bb,
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2264	int tagLen, int blockSize,
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2265	ProtocolVersion protocolVersion) throws BadPaddingException {
2 90ce3da70b43 Initial load duke parents: diff changeset	2266	int len = bb.remaining();
90ce3da70b43 Initial load duke parents: diff changeset	2267	int offset = bb.position();
90ce3da70b43 Initial load duke parents: diff changeset	2268
90ce3da70b43 Initial load duke parents: diff changeset	2269	// last byte is length byte (i.e. actual padding length - 1)
90ce3da70b43 Initial load duke parents: diff changeset	2270	int padOffset = offset + len - 1;
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2271	int padLen = bb.get(padOffset) & 0xFF;
2 90ce3da70b43 Initial load duke parents: diff changeset	2272
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2273	int newLen = len - (padLen + 1);
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2274	if ((newLen - tagLen) < 0) {
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2275	// If the buffer is not long enough to contain the padding plus
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2276	// a MAC tag, do a dummy constant-time padding check.
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2277	//
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2278	// Note that it is a dummy check, so we won't care about what is
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2279	// the actual padding data.
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2280	checkPadding(bb.duplicate(), (byte)(padLen & 0xFF));
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2281
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2282	throw new BadPaddingException("Invalid Padding length: " + padLen);
2 90ce3da70b43 Initial load duke parents: diff changeset	2283	}
90ce3da70b43 Initial load duke parents: diff changeset	2284
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2285	// The padding data should be filled with the padding length value.
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2286	int[] results = checkPadding(
27292 7ff4b24b33ce 4774077: Use covariant return types in the NIO buffer hierarchy rwarburton parents: 25859 diff changeset	2287	bb.duplicate().position(offset + newLen),
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2288	(byte)(padLen & 0xFF));
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2289	if (protocolVersion.useTLS10PlusSpec()) {
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2290	if (results[0] != 0) { // padding data has invalid bytes
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2291	throw new BadPaddingException("Invalid TLS padding data");
2 90ce3da70b43 Initial load duke parents: diff changeset	2292	}
90ce3da70b43 Initial load duke parents: diff changeset	2293	} else { // SSLv3
90ce3da70b43 Initial load duke parents: diff changeset	2294	// SSLv3 requires 0 <= length byte < block size
90ce3da70b43 Initial load duke parents: diff changeset	2295	// some implementations do 1 <= length byte <= block size,
90ce3da70b43 Initial load duke parents: diff changeset	2296	// so accept that as well
90ce3da70b43 Initial load duke parents: diff changeset	2297	// v3 does not require any particular value for the other bytes
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2298	if (padLen > blockSize) {
40544 807dd9a425db 8150530: Improve javax.crypto.BadPaddingException messages coffeys parents: 34826 diff changeset	2299	throw new BadPaddingException("Padding length (" +
807dd9a425db 8150530: Improve javax.crypto.BadPaddingException messages coffeys parents: 34826 diff changeset	2300	padLen + ") of SSLv3 message should not be bigger " +
807dd9a425db 8150530: Improve javax.crypto.BadPaddingException messages coffeys parents: 34826 diff changeset	2301	"than the block size (" + blockSize + ")");
2 90ce3da70b43 Initial load duke parents: diff changeset	2302	}
90ce3da70b43 Initial load duke parents: diff changeset	2303	}
90ce3da70b43 Initial load duke parents: diff changeset	2304
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2305	// Reset buffer limit to remove padding.
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2306	bb.limit(offset + newLen);
2 90ce3da70b43 Initial load duke parents: diff changeset	2307
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2308	return newLen;
2 90ce3da70b43 Initial load duke parents: diff changeset	2309	}
1763 0a6b65d56746 6750401: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider wetmore parents: 2 diff changeset	2310
0a6b65d56746 6750401: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider wetmore parents: 2 diff changeset	2311	/*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2312	* A constant-time check of the padding.
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 7039 diff changeset	2313	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2314	* NOTE that we are checking both the padding and the padLen bytes here.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2315	*
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2316	* The caller MUST ensure that the bb parameter has remaining.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2317	*/
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2318	private static int[] checkPadding(ByteBuffer bb, byte pad) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2319	if (!bb.hasRemaining()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2320	throw new RuntimeException("hasRemaining() must be positive");
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2321	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2322
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2323	// An array of hits is used to prevent Hotspot optimization for
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2324	// the purpose of a constant-time check.
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2325	int[] results = {0, 0}; // {missed #, matched #}
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2326	bb.mark();
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2327	for (int i = 0; i <= 256; bb.reset()) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2328	for (; bb.hasRemaining() && i <= 256; i++) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2329	if (bb.get() != pad) {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2330	results[0]++; // mismatched padding data
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2331	} else {
56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2332	results[1]++; // matched padding data
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2333	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2334	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2335	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2336
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2337	return results;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2338	}
56542 56aaa6cb3693 Initial TLSv1.3 Implementation wetmore parents: 47216 diff changeset	2339	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2340

author	ascarpino
	Sat, 09 Jun 2018 13:38:27 -0700
branch	JDK-8145252-TLS13-branch
changeset 56715	b152d06ed6a9
parent 56542	56aaa6cb3693
child 56784	6210466cf1ac
permissions	-rw-r--r--