jdk-sandbox: src/java.base/share/classes/sun/security/ssl/SSLCipher.java@ed52ea83f830 (annotated)

2 90ce3da70b43 Initial load duke parents: diff changeset	1	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2	* Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
2 90ce3da70b43 Initial load duke parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
90ce3da70b43 Initial load duke parents: diff changeset	4	*
90ce3da70b43 Initial load duke parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
90ce3da70b43 Initial load duke parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	7	* published by the Free Software Foundation. Oracle designates this
2 90ce3da70b43 Initial load duke parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
2 90ce3da70b43 Initial load duke parents: diff changeset	10	*
90ce3da70b43 Initial load duke parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
90ce3da70b43 Initial load duke parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
90ce3da70b43 Initial load duke parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
90ce3da70b43 Initial load duke parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
90ce3da70b43 Initial load duke parents: diff changeset	15	* accompanied this code).
90ce3da70b43 Initial load duke parents: diff changeset	16	*
90ce3da70b43 Initial load duke parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
90ce3da70b43 Initial load duke parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
90ce3da70b43 Initial load duke parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
90ce3da70b43 Initial load duke parents: diff changeset	20	*
5506 202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	22	* or visit www.oracle.com if you need additional information or have any
202f599c92aa 6943119: Rebrand source copyright notices ohair parents: 1763 diff changeset	23	* questions.
2 90ce3da70b43 Initial load duke parents: diff changeset	24	*/
90ce3da70b43 Initial load duke parents: diff changeset	25
90ce3da70b43 Initial load duke parents: diff changeset	26	package sun.security.ssl;
90ce3da70b43 Initial load duke parents: diff changeset	27
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	28	import java.nio.ByteBuffer;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	29	import java.security.AccessController;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	30	import java.security.GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	31	import java.security.InvalidAlgorithmParameterException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	32	import java.security.InvalidKeyException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	33	import java.security.Key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	34	import java.security.PrivilegedAction;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	35	import java.security.SecureRandom;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	36	import java.security.Security;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	37	import java.security.spec.AlgorithmParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	38	import java.util.AbstractMap.SimpleImmutableEntry;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	39	import java.util.Arrays;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	40	import java.util.HashMap;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	41	import java.util.Map;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	42	import javax.crypto.BadPaddingException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	43	import javax.crypto.Cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	44	import javax.crypto.IllegalBlockSizeException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	45	import javax.crypto.SecretKey;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	46	import javax.crypto.ShortBufferException;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	47	import javax.crypto.spec.GCMParameterSpec;
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	48	import javax.crypto.spec.IvParameterSpec;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	49	import sun.security.ssl.Authenticator.MAC;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	50	import static sun.security.ssl.CipherType.*;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	51	import static sun.security.ssl.JsseJce.*;
2 90ce3da70b43 Initial load duke parents: diff changeset	52
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	53	enum SSLCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	54	// exportable ciphers
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	55	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	56	B_NULL("NULL", NULL_CIPHER, 0, 0, 0, 0, true, true,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	57	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	58	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	59	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	60	new NullReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	61	ProtocolVersion.PROTOCOLS_OF_NONE
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	62	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	63	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	64	new NullReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	65	ProtocolVersion.PROTOCOLS_TO_13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	66	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	67	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	68	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	69	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	70	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	71	new NullWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	72	ProtocolVersion.PROTOCOLS_OF_NONE
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	73	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	74	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	75	new NullWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	76	ProtocolVersion.PROTOCOLS_TO_13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	77	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	78	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	79
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	80	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	81	B_RC4_40(CIPHER_RC4, STREAM_CIPHER, 5, 16, 0, 0, true, true,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	82	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	83	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	84	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	85	new StreamReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	86	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	87	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	88	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	89	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	90	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	91	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	92	new StreamWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	93	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	94	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	95	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	96
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	97	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	98	B_RC2_40("RC2", BLOCK_CIPHER, 5, 16, 8, 0, false, true,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	99	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	100	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	101	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	102	new StreamReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	103	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	104	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	105	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	106	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	107	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	108	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	109	new StreamWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	110	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	111	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	112	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	113
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	114	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	115	B_DES_40(CIPHER_DES, BLOCK_CIPHER, 5, 8, 8, 0, true, true,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	116	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	117	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	118	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	119	new T10BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	120	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	121	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	122	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	123	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	124	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	125	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	126	new T10BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	127	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	128	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	129	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	130
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	131	// domestic strength ciphers
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	132	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	133	B_RC4_128(CIPHER_RC4, STREAM_CIPHER, 16, 16, 0, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	134	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	135	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	136	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	137	new StreamReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	138	ProtocolVersion.PROTOCOLS_TO_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	139	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	140	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	141	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	142	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	143	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	144	new StreamWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	145	ProtocolVersion.PROTOCOLS_TO_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	146	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	147	})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	148
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	149	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	150	B_DES(CIPHER_DES, BLOCK_CIPHER, 8, 8, 8, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	151	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	152	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	153	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	154	new T10BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	155	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	156	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	157	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	158	new T11BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	159	ProtocolVersion.PROTOCOLS_OF_11
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	160	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	161	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	162	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	163	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	164	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	165	new T10BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	166	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	167	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	168	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	169	new T11BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	170	ProtocolVersion.PROTOCOLS_OF_11
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	171	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	172	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	173
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	174	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	175	B_3DES(CIPHER_3DES, BLOCK_CIPHER, 24, 24, 8, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	176	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	177	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	178	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	179	new T10BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	180	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	181	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	182	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	183	new T11BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	184	ProtocolVersion.PROTOCOLS_11_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	185	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	186	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	187	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	188	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	189	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	190	new T10BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	191	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	192	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	193	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	194	new T11BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	195	ProtocolVersion.PROTOCOLS_11_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	196	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	197	})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	198
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	199	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	200	B_IDEA("IDEA", BLOCK_CIPHER, 16, 16, 8, 0, false, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	201	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	202	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	203	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	204	null,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	205	ProtocolVersion.PROTOCOLS_TO_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	206	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	207	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	208	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	209	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	210	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	211	null,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	212	ProtocolVersion.PROTOCOLS_TO_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	213	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	214	})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	215
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	216	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	217	B_AES_128(CIPHER_AES, BLOCK_CIPHER, 16, 16, 16, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	218	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	219	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	220	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	221	new T10BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	222	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	223	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	224	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	225	new T11BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	226	ProtocolVersion.PROTOCOLS_11_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	227	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	228	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	229	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	230	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	231	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	232	new T10BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	233	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	234	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	235	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	236	new T11BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	237	ProtocolVersion.PROTOCOLS_11_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	238	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	239	})),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	240
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	241	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	242	B_AES_256(CIPHER_AES, BLOCK_CIPHER, 32, 32, 16, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	243	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	244	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	245	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	246	new T10BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	247	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	248	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	249	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	250	new T11BlockReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	251	ProtocolVersion.PROTOCOLS_11_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	252	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	253	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	254	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	255	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	256	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	257	new T10BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	258	ProtocolVersion.PROTOCOLS_TO_10
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	259	),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	260	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	261	new T11BlockWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	262	ProtocolVersion.PROTOCOLS_11_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	263	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	264	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	265
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	266	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	267	B_AES_128_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 16, 16, 12, 4, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	268	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	269	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	270	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	271	new T12GcmReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	272	ProtocolVersion.PROTOCOLS_OF_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	273	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	274	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	275	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	276	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	277	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	278	new T12GcmWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	279	ProtocolVersion.PROTOCOLS_OF_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	280	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	281	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	282
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	283	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	284	B_AES_256_GCM(CIPHER_AES_GCM, AEAD_CIPHER, 32, 32, 12, 4, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	285	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	286	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	287	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	288	new T12GcmReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	289	ProtocolVersion.PROTOCOLS_OF_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	290	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	291	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	292	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	293	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	294	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	295	new T12GcmWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	296	ProtocolVersion.PROTOCOLS_OF_12
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	297	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	298	})),
2 90ce3da70b43 Initial load duke parents: diff changeset	299
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	300	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	301	B_AES_128_GCM_IV(CIPHER_AES_GCM, AEAD_CIPHER, 16, 16, 12, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	302	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	303	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	304	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	305	new T13GcmReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	306	ProtocolVersion.PROTOCOLS_OF_13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	307	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	308	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	309	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	310	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	311	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	312	new T13GcmWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	313	ProtocolVersion.PROTOCOLS_OF_13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	314	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	315	})),
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	316
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	317	@SuppressWarnings({"unchecked", "rawtypes"})
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	318	B_AES_256_GCM_IV(CIPHER_AES_GCM, AEAD_CIPHER, 32, 32, 12, 0, true, false,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	319	(Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	320	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	321	new SimpleImmutableEntry<ReadCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	322	new T13GcmReadCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	323	ProtocolVersion.PROTOCOLS_OF_13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	324	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	325	}),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	326	(Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	327	ProtocolVersion[]>[])(new Map.Entry[] {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	328	new SimpleImmutableEntry<WriteCipherGenerator, ProtocolVersion[]>(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	329	new T13GcmWriteCipherGenerator(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	330	ProtocolVersion.PROTOCOLS_OF_13
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	331	)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	332	}));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	333
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	334	// descriptive name including key size, e.g. AES/128
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	335	final String description;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	336
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	337	// JCE cipher transformation string, e.g. AES/CBC/NoPadding
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	338	final String transformation;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	339
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	340	// algorithm name, e.g. AES
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	341	final String algorithm;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	342
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	343	// supported and compile time enabled. Also see isAvailable()
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	344	final boolean allowed;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	345
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	346	// number of bytes of entropy in the key
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	347	final int keySize;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	348
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	349	// length of the actual cipher key in bytes.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	350	// for non-exportable ciphers, this is the same as keySize
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	351	final int expandedKeySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	352
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	353	// size of the IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	354	final int ivSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	355
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	356	// size of fixed IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	357	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	358	// record_iv_length = ivSize - fixedIvSize
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	359	final int fixedIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	360
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	361	// exportable under 512/40 bit rules
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	362	final boolean exportable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	363
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	364	// Is the cipher algorithm of Cipher Block Chaining (CBC) mode?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	365	final CipherType cipherType;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	366
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	367	// size of the authentication tag, only applicable to cipher suites in
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	368	// Galois Counter Mode (GCM)
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	369	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	370	// As far as we know, all supported GCM cipher suites use 128-bits
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	371	// authentication tags.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	372	final int tagSize = 16;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	373
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	374	// runtime availability
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	375	private final boolean isAvailable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	376
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	377	private final Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	378	ProtocolVersion[]>[] readCipherGenerators;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	379	private final Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	380	ProtocolVersion[]>[] writeCipherGenerators;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	381
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	382	// Map of Ciphers listed in jdk.tls.keyLimits
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	383	private static final HashMap<String, Long> cipherLimits = new HashMap<>();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	384
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	385	// Keywords found on the jdk.tls.keyLimits security property.
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	386	final static String tag[] = {"KEYUPDATE"};
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	387
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	388	static {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	389	final long max = 4611686018427387904L; // 2^62
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	390	String prop = AccessController.doPrivileged(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	391	new PrivilegedAction<String>() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	392	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	393	public String run() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	394	return Security.getProperty("jdk.tls.keyLimits");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	395	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	396	});
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	397
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	398	if (prop != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	399	String propvalue[] = prop.split(",");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	400
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	401	for (String entry : propvalue) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	402	int index;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	403	// If this is not a UsageLimit, goto to next entry.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	404	String values[] = entry.trim().toUpperCase().split(" ");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	405
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	406	if (values[1].contains(tag[0])) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	407	index = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	408	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	409	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	410	SSLLogger.fine("jdk.tls.keyLimits: Unknown action: " +
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	411	entry);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	412	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	413	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	414	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	415
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	416	long size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	417	int i = values[2].indexOf("^");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	418	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	419	if (i >= 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	420	size = (long) Math.pow(2,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	421	Integer.parseInt(values[2].substring(i + 1)));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	422	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	423	size = Long.parseLong(values[2]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	424	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	425	if (size < 1 \|\| size > max) {
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	426	throw new NumberFormatException(
ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	427	"Length exceeded limits");
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	428	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	429	} catch (NumberFormatException e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	430	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	431	SSLLogger.fine("jdk.tls.keyLimits: " + e.getMessage() +
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	432	": " + entry);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	433	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	434	continue;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	435	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	436	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
51574 ed52ea83f830 8207317: SSLEngine negotiation fail exception behavior changed from fail-fast to fail-lazy wetmore parents: 50768 diff changeset	437	SSLLogger.fine("jdk.tls.keyLimits: entry = " + entry +
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	438	". " + values[0] + ":" + tag[index] + " = " + size);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	439	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	440	cipherLimits.put(values[0] + ":" + tag[index], size);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	441	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	442	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	443	}
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 7039 diff changeset	444
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	445	private SSLCipher(String transformation,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	446	CipherType cipherType, int keySize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	447	int expandedKeySize, int ivSize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	448	int fixedIvSize, boolean allowed, boolean exportable,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	449	Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	450	ProtocolVersion[]>[] readCipherGenerators,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	451	Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	452	ProtocolVersion[]>[] writeCipherGenerators) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	453	this.transformation = transformation;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	454	String[] splits = transformation.split("/");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	455	this.algorithm = splits[0];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	456	this.cipherType = cipherType;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	457	this.description = this.algorithm + "/" + (keySize << 3);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	458	this.keySize = keySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	459	this.ivSize = ivSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	460	this.fixedIvSize = fixedIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	461	this.allowed = allowed;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	462
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	463	this.expandedKeySize = expandedKeySize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	464	this.exportable = exportable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	465
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	466	// availability of this bulk cipher
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	467	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	468	// We assume all supported ciphers are always available since they are
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	469	// shipped with the SunJCE provider. However, AES/256 is unavailable
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	470	// when the default JCE policy jurisdiction files are installed because
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	471	// of key length restrictions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	472	this.isAvailable = allowed && isUnlimited(keySize, transformation);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	473
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	474	this.readCipherGenerators = readCipherGenerators;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	475	this.writeCipherGenerators = writeCipherGenerators;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	476	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	477
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	478	SSLReadCipher createReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	479	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	480	SecretKey key, IvParameterSpec iv,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	481	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	482	if (readCipherGenerators.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	483	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	484	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	485
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	486	ReadCipherGenerator rcg = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	487	for (Map.Entry<ReadCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	488	ProtocolVersion[]> me : readCipherGenerators) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	489	for (ProtocolVersion pv : me.getValue()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	490	if (protocolVersion == pv) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	491	rcg = me.getKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	492	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	493	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	494	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	495
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	496	if (rcg != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	497	return rcg.createCipher(this, authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	498	protocolVersion, transformation, key, iv, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	499	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	500	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	501	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	502
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	503	SSLWriteCipher createWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	504	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	505	SecretKey key, IvParameterSpec iv,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	506	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	507	if (readCipherGenerators.length == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	508	return null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	509	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	510
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	511	WriteCipherGenerator rcg = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	512	for (Map.Entry<WriteCipherGenerator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	513	ProtocolVersion[]> me : writeCipherGenerators) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	514	for (ProtocolVersion pv : me.getValue()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	515	if (protocolVersion == pv) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	516	rcg = me.getKey();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	517	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	518	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	519	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	520
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	521	if (rcg != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	522	return rcg.createCipher(this, authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	523	protocolVersion, transformation, key, iv, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	524	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	525	return null;
2 90ce3da70b43 Initial load duke parents: diff changeset	526	}
90ce3da70b43 Initial load duke parents: diff changeset	527
90ce3da70b43 Initial load duke parents: diff changeset	528	/**
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	529	* Test if this bulk cipher is available. For use by CipherSuite.
2 90ce3da70b43 Initial load duke parents: diff changeset	530	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	531	boolean isAvailable() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	532	return this.isAvailable;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	533	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	534
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	535	private static boolean isUnlimited(int keySize, String transformation) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	536	int keySizeInBits = keySize * 8;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	537	if (keySizeInBits > 128) { // need the JCE unlimited
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	538	// strength jurisdiction policy
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	539	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	540	if (Cipher.getMaxAllowedKeyLength(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	541	transformation) < keySizeInBits) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	542	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	543	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	544	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	545	return false;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	546	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	547	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	548
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	549	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	550	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	551
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	552	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	553	public String toString() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	554	return description;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	555	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	556
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	557	interface ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	558	SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	559	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	560	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	561	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	562	SecureRandom random) throws GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	563	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	564
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	565	abstract static class SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	566	final Authenticator authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	567	final ProtocolVersion protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	568	boolean keyLimitEnabled = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	569	long keyLimitCountdown = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	570	SecretKey baseSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	571
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	572	SSLReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	573	ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	574	this.authenticator = authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	575	this.protocolVersion = protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	576	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	577
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	578	static final SSLReadCipher nullTlsReadCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	579	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	580	return B_NULL.createReadCipher(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	581	Authenticator.nullTlsMac(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	582	ProtocolVersion.NONE, null, null, null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	583	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	584	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	585	throw new RuntimeException("Cannot create NULL SSLCipher", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	586	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	587	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	588
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	589	static final SSLReadCipher nullDTlsReadCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	590	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	591	return B_NULL.createReadCipher(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	592	Authenticator.nullDtlsMac(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	593	ProtocolVersion.NONE, null, null, null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	594	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	595	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	596	throw new RuntimeException("Cannot create NULL SSLCipher", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	597	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	598	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	599
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	600	abstract Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	601	byte[] sequence) throws GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	602
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	603	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	604	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	605	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	606
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	607	abstract int estimateFragmentSize(int packetSize, int headerSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	608
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	609	boolean isNullCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	610	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	611	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	612
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	613	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	614	* Check if processed bytes have reached the key usage limit.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	615	* If key usage limit is not be monitored, return false.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	616	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	617	public boolean atKeyLimit() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	618	if (keyLimitCountdown >= 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	619	return false;
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	620	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	621
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	622	// Turn off limit checking as KeyUpdate will be occurring
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	623	keyLimitEnabled = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	624	return true;
2 90ce3da70b43 Initial load duke parents: diff changeset	625	}
90ce3da70b43 Initial load duke parents: diff changeset	626	}
90ce3da70b43 Initial load duke parents: diff changeset	627
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	628	interface WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	629	SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	630	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	631	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	632	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	633	SecureRandom random) throws GeneralSecurityException;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	634	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	635
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	636	abstract static class SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	637	final Authenticator authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	638	final ProtocolVersion protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	639	boolean keyLimitEnabled = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	640	long keyLimitCountdown = 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	641	SecretKey baseSecret;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	642
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	643	SSLWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	644	ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	645	this.authenticator = authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	646	this.protocolVersion = protocolVersion;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	647	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	648
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	649	abstract int encrypt(byte contentType, ByteBuffer bb);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	650
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	651	static final SSLWriteCipher nullTlsWriteCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	652	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	653	return B_NULL.createWriteCipher(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	654	Authenticator.nullTlsMac(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	655	ProtocolVersion.NONE, null, null, null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	656	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	657	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	658	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	659	"Cannot create NULL SSL write Cipher", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	660	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	661	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	662
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	663	static final SSLWriteCipher nullDTlsWriteCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	664	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	665	return B_NULL.createWriteCipher(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	666	Authenticator.nullDtlsMac(),
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	667	ProtocolVersion.NONE, null, null, null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	668	} catch (GeneralSecurityException gse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	669	// unlikely
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	670	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	671	"Cannot create NULL SSL write Cipher", gse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	672	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	673	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	674
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	675	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	676	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	677	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	678
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	679	abstract int getExplicitNonceSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	680	abstract int calculateFragmentSize(int packetLimit, int headerSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	681	abstract int calculatePacketSize(int fragmentSize, int headerSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	682
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	683	boolean isCBCMode() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	684	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	685	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	686
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	687	boolean isNullCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	688	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	689	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	690
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	691	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	692	* Check if processed bytes have reached the key usage limit.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	693	* If key usage limit is not be monitored, return false.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	694	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	695	public boolean atKeyLimit() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	696	if (keyLimitCountdown >= 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	697	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	698	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	699
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	700	// Turn off limit checking as KeyUpdate will be occurring
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	701	keyLimitEnabled = false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	702	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	703	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	704	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	705
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	706	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	707	class NullReadCipherGenerator implements ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	708	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	709	public SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	710	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	711	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	712	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	713	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	714	return new NullReadCipher(authenticator, protocolVersion);
2 90ce3da70b43 Initial load duke parents: diff changeset	715	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	716
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	717	static final class NullReadCipher extends SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	718	NullReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	719	ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	720	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	721	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	722
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	723	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	724	public Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	725	byte[] sequence) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	726	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	727	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	728	checkStreamMac(signer, bb, contentType, sequence);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	729	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	730	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	731	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	732
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	733	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	734	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	735	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	736	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	737
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	738	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	739	int estimateFragmentSize(int packetSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	740	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	741	return packetSize - headerSize - macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	742	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	743
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	744	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	745	boolean isNullCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	746	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	747	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	748	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	749	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	750
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	751	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	752	class NullWriteCipherGenerator implements WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	753	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	754	public SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	755	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	756	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	757	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	758	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	759	return new NullWriteCipher(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	760	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	761
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	762	static final class NullWriteCipher extends SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	763	NullWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	764	ProtocolVersion protocolVersion) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	765	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	766	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	767
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	768	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	769	public int encrypt(byte contentType, ByteBuffer bb) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	770	// add message authentication code
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	771	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	772	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	773	addMac(signer, bb, contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	774	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	775	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	776	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	777
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	778	int len = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	779	bb.position(bb.limit());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	780	return len;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	781	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	782
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	783
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	784	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	785	int getExplicitNonceSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	786	return 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	787	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	788
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	789	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	790	int calculateFragmentSize(int packetLimit, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	791	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	792	return packetLimit - headerSize - macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	793	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	794
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	795	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	796	int calculatePacketSize(int fragmentSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	797	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	798	return fragmentSize + headerSize + macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	799	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	800
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	801	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	802	boolean isNullCipher() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	803	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	804	}
2 90ce3da70b43 Initial load duke parents: diff changeset	805	}
90ce3da70b43 Initial load duke parents: diff changeset	806	}
90ce3da70b43 Initial load duke parents: diff changeset	807
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	808	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	809	class StreamReadCipherGenerator implements ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	810	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	811	public SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	812	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	813	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	814	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	815	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	816	return new StreamReadCipher(authenticator, protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	817	algorithm, key, params, random);
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	818	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	819
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	820	static final class StreamReadCipher extends SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	821	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	822
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	823	StreamReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	824	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	825	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	826	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	827	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	828	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	829	cipher.init(Cipher.DECRYPT_MODE, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	830	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	831
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	832	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	833	public Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	834	byte[] sequence) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	835	int len = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	836	int pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	837	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	838	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	839	if (len != cipher.update(dup, bb)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	840	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	841	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	842	"Unexpected number of plaintext bytes");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	843	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	844	if (bb.position() != dup.position()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	845	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	846	"Unexpected ByteBuffer position");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	847	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	848	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	849	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	850	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	851	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	852	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	853	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	854	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	855	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	856	"Plaintext after DECRYPTION", bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	857	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	858
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	859	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	860	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	861	checkStreamMac(signer, bb, contentType, sequence);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	862	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	863	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	864	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	865
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	866	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	867	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	868	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	869	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	870
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	871	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	872	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	873	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	874	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	875	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	876	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	877	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	878	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	879	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	880	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	881
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	882	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	883	int estimateFragmentSize(int packetSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	884	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	885	return packetSize - headerSize - macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	886	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	887	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	888	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	889
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	890	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	891	class StreamWriteCipherGenerator implements WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	892	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	893	public SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	894	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	895	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	896	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	897	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	898	return new StreamWriteCipher(authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	899	protocolVersion, algorithm, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	900	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	901
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	902	static final class StreamWriteCipher extends SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	903	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	904
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	905	StreamWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	906	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	907	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	908	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	909	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	910	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	911	cipher.init(Cipher.ENCRYPT_MODE, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	912	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	913
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	914	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	915	public int encrypt(byte contentType, ByteBuffer bb) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	916	// add message authentication code
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	917	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	918	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	919	addMac(signer, bb, contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	920	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	921	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	922	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	923
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	924	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	925	SSLLogger.finest(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	926	"Padded plaintext before ENCRYPTION", bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	927	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	928
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	929	int len = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	930	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	931	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	932	if (len != cipher.update(dup, bb)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	933	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	934	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	935	"Unexpected number of plaintext bytes");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	936	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	937	if (bb.position() != dup.position()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	938	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	939	"Unexpected ByteBuffer position");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	940	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	941	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	942	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	943	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	944	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	945	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	946
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	947	return len;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	948	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	949
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	950	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	951	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	952	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	953	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	954	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	955	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	956	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	957	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	958	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	959	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	960
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	961	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	962	int getExplicitNonceSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	963	return 0;
2 90ce3da70b43 Initial load duke parents: diff changeset	964	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	965
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	966	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	967	int calculateFragmentSize(int packetLimit, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	968	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	969	return packetLimit - headerSize - macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	970	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	971
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	972	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	973	int calculatePacketSize(int fragmentSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	974	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	975	return fragmentSize + headerSize + macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	976	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	977	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	978	}
2 90ce3da70b43 Initial load duke parents: diff changeset	979
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	980	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	981	class T10BlockReadCipherGenerator implements ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	982	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	983	public SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	984	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	985	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	986	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	987	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	988	return new BlockReadCipher(authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	989	protocolVersion, algorithm, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	990	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	991
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	992	static final class BlockReadCipher extends SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	993	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	994
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	995	BlockReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	996	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	997	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	998	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	999	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1000	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1001	cipher.init(Cipher.DECRYPT_MODE, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1002	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1003
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1004	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1005	public Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1006	byte[] sequence) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1007	BadPaddingException reservedBPE = null;
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1008
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1009	// sanity check length of the ciphertext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1010	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1011	int cipheredLength = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1012	int tagLen = signer.macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1013	if (tagLen != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1014	if (!sanityCheck(tagLen, bb.remaining())) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1015	reservedBPE = new BadPaddingException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1016	"ciphertext sanity check failed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1017	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1018	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1019	// decryption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1020	int len = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1021	int pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1022	ByteBuffer dup = bb.duplicate();
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1023	try {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1024	if (len != cipher.update(dup, bb)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1025	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1026	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1027	"Unexpected number of plaintext bytes");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1028	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1029
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1030	if (bb.position() != dup.position()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1031	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1032	"Unexpected ByteBuffer position");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1033	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1034	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1035	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1036	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1037	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1038	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1039
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1040	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1041	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1042	"Padded plaintext after DECRYPTION",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1043	bb.duplicate().position(pos));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1044	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1045
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1046	// remove the block padding
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1047	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1048	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1049	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1050	removePadding(bb, tagLen, blockSize, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1051	} catch (BadPaddingException bpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1052	if (reservedBPE == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1053	reservedBPE = bpe;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1054	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1055	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1056
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1057	// Requires message authentication code for null, stream and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1058	// block cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1059	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1060	if (tagLen != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1061	checkCBCMac(signer, bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1062	contentType, cipheredLength, sequence);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1063	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1064	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1065	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1066	} catch (BadPaddingException bpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1067	if (reservedBPE == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1068	reservedBPE = bpe;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1069	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1070	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1071
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1072	// Is it a failover?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1073	if (reservedBPE != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1074	throw reservedBPE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1075	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1076
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1077	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1078	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1079	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1080	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1081
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1082	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1083	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1084	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1085	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1086	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1087	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1088	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1089	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1090	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1091	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1092
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1093	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1094	int estimateFragmentSize(int packetSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1095	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1096
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1097	// No padding for a maximum fragment.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1098	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1099	// 1 byte padding length field: 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1100	return packetSize - headerSize - macLen - 1;
2 90ce3da70b43 Initial load duke parents: diff changeset	1101	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1102
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1103	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1104	* Sanity check the length of a fragment before decryption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1105	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1106	* In CBC mode, check that the fragment length is one or multiple
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1107	* times of the block size of the cipher suite, and is at least
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1108	* one (one is the smallest size of padding in CBC mode) bigger
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1109	* than the tag size of the MAC algorithm except the explicit IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1110	* size for TLS 1.1 or later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1111	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1112	* In non-CBC mode, check that the fragment length is not less than
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1113	* the tag size of the MAC algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1114	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1115	* @return true if the length of a fragment matches above
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1116	* requirements
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1117	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1118	private boolean sanityCheck(int tagLen, int fragmentLen) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1119	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1120	if ((fragmentLen % blockSize) == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1121	int minimal = tagLen + 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1122	minimal = (minimal >= blockSize) ? minimal : blockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1123
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1124	return (fragmentLen >= minimal);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1125	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1126
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1127	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1128	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1129	}
90ce3da70b43 Initial load duke parents: diff changeset	1130	}
90ce3da70b43 Initial load duke parents: diff changeset	1131
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1132	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1133	class T10BlockWriteCipherGenerator implements WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1134	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1135	public SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1136	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1137	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1138	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1139	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1140	return new BlockWriteCipher(authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1141	protocolVersion, algorithm, key, params, random);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1142	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1143
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1144	static final class BlockWriteCipher extends SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1145	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1146
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1147	BlockWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1148	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1149	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1150	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1151	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1152	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1153	cipher.init(Cipher.ENCRYPT_MODE, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1154	}
90ce3da70b43 Initial load duke parents: diff changeset	1155
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1156	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1157	public int encrypt(byte contentType, ByteBuffer bb) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1158	int pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1160	// add message authentication code
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1161	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1162	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1163	addMac(signer, bb, contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1164	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1165	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1166	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1167
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1168	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1169	int len = addPadding(bb, blockSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1170	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1171
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1172	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1173	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1174	"Padded plaintext before ENCRYPTION",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1175	bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1176	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1177
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1178	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1179	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1180	if (len != cipher.update(dup, bb)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1181	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1182	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1183	"Unexpected number of plaintext bytes");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1184	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1185
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1186	if (bb.position() != dup.position()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1187	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1188	"Unexpected ByteBuffer position");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1189	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1190	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1191	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1192	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1193	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1194	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1195
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1196	return len;
2 90ce3da70b43 Initial load duke parents: diff changeset	1197	}
90ce3da70b43 Initial load duke parents: diff changeset	1198
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1199	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1200	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1201	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1202	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1203	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1204	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1205	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1206	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1208	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1209
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1210	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1211	int getExplicitNonceSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1212	return 0;
2 90ce3da70b43 Initial load duke parents: diff changeset	1213	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1214
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1215	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1216	int calculateFragmentSize(int packetLimit, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1217	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1218	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1219	int fragLen = packetLimit - headerSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1220	fragLen -= (fragLen % blockSize); // cannot hold a block
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1221	// No padding for a maximum fragment.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1222	fragLen -= 1; // 1 byte padding length field: 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1223	fragLen -= macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1224	return fragLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1225	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1226
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1227	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1228	int calculatePacketSize(int fragmentSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1229	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1230	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1231	int paddedLen = fragmentSize + macLen + 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1232	if ((paddedLen % blockSize) != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1233	paddedLen += blockSize - 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1234	paddedLen -= paddedLen % blockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1235	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1236
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1237	return headerSize + paddedLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1238	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1239
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1240	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1241	boolean isCBCMode() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1242	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1243	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1244	}
90ce3da70b43 Initial load duke parents: diff changeset	1245	}
90ce3da70b43 Initial load duke parents: diff changeset	1246
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1247	// For TLS 1.1 and 1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1248	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1249	class T11BlockReadCipherGenerator implements ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1250	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1251	public SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1252	Authenticator authenticator, ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1253	String algorithm, Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1254	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1255	return new BlockReadCipher(authenticator, protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1256	sslCipher, algorithm, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1257	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1258
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1259	static final class BlockReadCipher extends SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1260	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1261
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1262	BlockReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1263	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1264	SSLCipher sslCipher, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1265	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1266	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1267	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1268	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1269	if (params == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1270	params = new IvParameterSpec(new byte[sslCipher.ivSize]);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1271	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1272	cipher.init(Cipher.DECRYPT_MODE, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1273	}
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	1274
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1275	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1276	public Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1277	byte[] sequence) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1278	BadPaddingException reservedBPE = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1279
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1280	// sanity check length of the ciphertext
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1281	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1282	int cipheredLength = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1283	int tagLen = signer.macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1284	if (tagLen != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1285	if (!sanityCheck(tagLen, bb.remaining())) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1286	reservedBPE = new BadPaddingException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1287	"ciphertext sanity check failed");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1288	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1289	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1290
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1291	// decryption
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1292	int len = bb.remaining();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1293	int pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1294	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1295	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1296	if (len != cipher.update(dup, bb)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1297	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1298	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1299	"Unexpected number of plaintext bytes");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1300	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1301
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1302	if (bb.position() != dup.position()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1303	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1304	"Unexpected ByteBuffer position");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1305	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1306	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1307	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1308	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1309	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1310	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1311
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1312	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1313	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1314	"Padded plaintext after DECRYPTION",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1315	bb.duplicate().position(pos));
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1316	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1317
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1318	// Ignore the explicit nonce.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1319	bb.position(pos + cipher.getBlockSize());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1320	pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1321
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1322	// remove the block padding
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1323	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1324	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1325	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1326	removePadding(bb, tagLen, blockSize, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1327	} catch (BadPaddingException bpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1328	if (reservedBPE == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1329	reservedBPE = bpe;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1330	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1331	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1332
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1333	// Requires message authentication code for null, stream and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1334	// block cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1335	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1336	if (tagLen != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1337	checkCBCMac(signer, bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1338	contentType, cipheredLength, sequence);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1339	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1340	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1341	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1342	} catch (BadPaddingException bpe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1343	if (reservedBPE == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1344	reservedBPE = bpe;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1345	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1346	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1347
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1348	// Is it a failover?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1349	if (reservedBPE != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1350	throw reservedBPE;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1351	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1352
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1353	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1354	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1355	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1356	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1357
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1358	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1359	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1360	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1361	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1362	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1363	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1364	// swallow all types of exceptions.
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1365	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	1366	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1367	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1368
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1369	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1370	int estimateFragmentSize(int packetSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1371	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1372
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1373	// No padding for a maximum fragment.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1374	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1375	// 1 byte padding length field: 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1376	int nonceSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1377	return packetSize - headerSize - nonceSize - macLen - 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1378	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1379
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1380	/**
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1381	* Sanity check the length of a fragment before decryption.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1382	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1383	* In CBC mode, check that the fragment length is one or multiple
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1384	* times of the block size of the cipher suite, and is at least
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1385	* one (one is the smallest size of padding in CBC mode) bigger
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1386	* than the tag size of the MAC algorithm except the explicit IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1387	* size for TLS 1.1 or later.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1388	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1389	* In non-CBC mode, check that the fragment length is not less than
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1390	* the tag size of the MAC algorithm.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1391	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1392	* @return true if the length of a fragment matches above
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1393	* requirements
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1394	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1395	private boolean sanityCheck(int tagLen, int fragmentLen) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1396	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1397	if ((fragmentLen % blockSize) == 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1398	int minimal = tagLen + 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1399	minimal = (minimal >= blockSize) ? minimal : blockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1400	minimal += blockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1401
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1402	return (fragmentLen >= minimal);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1403	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1404
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1405	return false;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1406	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1407	}
90ce3da70b43 Initial load duke parents: diff changeset	1408	}
90ce3da70b43 Initial load duke parents: diff changeset	1409
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1410	// For TLS 1.1 and 1.2
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1411	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1412	class T11BlockWriteCipherGenerator implements WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1413	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1414	public SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1415	Authenticator authenticator, ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1416	String algorithm, Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1417	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1418	return new BlockWriteCipher(authenticator, protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1419	sslCipher, algorithm, key, params, random);
2 90ce3da70b43 Initial load duke parents: diff changeset	1420	}
90ce3da70b43 Initial load duke parents: diff changeset	1421
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1422	static final class BlockWriteCipher extends SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1423	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1424	private final SecureRandom random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1425
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1426	BlockWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1427	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1428	SSLCipher sslCipher, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1429	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1430	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1431	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1432	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1433	this.random = random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1434	if (params == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1435	params = new IvParameterSpec(new byte[sslCipher.ivSize]);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1436	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1437	cipher.init(Cipher.ENCRYPT_MODE, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1438	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1439
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1440	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1441	public int encrypt(byte contentType, ByteBuffer bb) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1442	// To be unique and aware of overflow-wrap, sequence number
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1443	// is used as the nonce_explicit of block cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1444	int pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1445
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1446	// add message authentication code
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1447	MAC signer = (MAC)authenticator;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1448	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1449	addMac(signer, bb, contentType);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1450	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1451	authenticator.increaseSequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1452	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1453
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1454	// DON'T WORRY, the nonce spaces are considered already.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1455	byte[] nonce = new byte[cipher.getBlockSize()];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1456	random.nextBytes(nonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1457	pos = pos - nonce.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1458	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1459	bb.put(nonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1460	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1461
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1462	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1463	int len = addPadding(bb, blockSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1464	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1465
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1466	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1467	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1468	"Padded plaintext before ENCRYPTION",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1469	bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1470	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1471
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1472	ByteBuffer dup = bb.duplicate();
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1473	try {
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1474	if (len != cipher.update(dup, bb)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1475	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1476	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1477	"Unexpected number of plaintext bytes");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1478	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1479
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1480	if (bb.position() != dup.position()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1481	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1482	"Unexpected ByteBuffer position");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1483	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1484	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1485	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1486	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1487	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1488	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1489
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1490	return len;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1491	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1492
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1493	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1494	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1495	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1496	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1497	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1498	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1499	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1500	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1501	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1502	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1503
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1504	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1505	int getExplicitNonceSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1506	return cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1507	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1508
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1509	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1510	int calculateFragmentSize(int packetLimit, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1511	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1512	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1513	int fragLen = packetLimit - headerSize - blockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1514	fragLen -= (fragLen % blockSize); // cannot hold a block
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1515	// No padding for a maximum fragment.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1516	fragLen -= 1; // 1 byte padding length field: 0x00
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1517	fragLen -= macLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1518	return fragLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1519	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1520
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1521	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1522	int calculatePacketSize(int fragmentSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1523	int macLen = ((MAC)authenticator).macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1524	int blockSize = cipher.getBlockSize();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1525	int paddedLen = fragmentSize + macLen + 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1526	if ((paddedLen % blockSize) != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1527	paddedLen += blockSize - 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1528	paddedLen -= paddedLen % blockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1529	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1530
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1531	return headerSize + blockSize + paddedLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1532	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1533
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1534	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1535	boolean isCBCMode() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1536	return true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1537	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1538	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1539	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1540
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1541	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1542	class T12GcmReadCipherGenerator implements ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1543	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1544	public SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1545	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1546	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1547	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1548	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1549	return new GcmReadCipher(authenticator, protocolVersion, sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1550	algorithm, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1551	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1552
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1553	static final class GcmReadCipher extends SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1554	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1555	private final int tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1556	private final Key key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1557	private final byte[] fixedIv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1558	private final int recordIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1559	private final SecureRandom random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1560
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1561	GcmReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1562	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1563	SSLCipher sslCipher, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1564	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1565	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1566	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1567	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1568	this.tagSize = sslCipher.tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1569	this.key = key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1570	this.fixedIv = ((IvParameterSpec)params).getIV();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1571	this.recordIvSize = sslCipher.ivSize - sslCipher.fixedIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1572	this.random = random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1573
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1574	// DON'T initialize the cipher for AEAD!
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1575	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1576
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1577	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1578	public Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1579	byte[] sequence) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1580	if (bb.remaining() < (recordIvSize + tagSize)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1581	throw new BadPaddingException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1582	"Insufficient buffer remaining for AEAD cipher " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1583	"fragment (" + bb.remaining() + "). Needs to be " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1584	"more than or equal to IV size (" + recordIvSize +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1585	") + tag size (" + tagSize + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1586	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1587
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1588	// initialize the AEAD cipher for the unique IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1589	byte[] iv = Arrays.copyOf(fixedIv,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1590	fixedIv.length + recordIvSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1591	bb.get(iv, fixedIv.length, recordIvSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1592	GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1593	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1594	cipher.init(Cipher.DECRYPT_MODE, key, spec, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1595	} catch (InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1596	InvalidAlgorithmParameterException ikae) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1597	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1598	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1599	"invalid key or spec in GCM mode", ikae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1600	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1601
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1602	// update the additional authentication data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1603	byte[] aad = authenticator.acquireAuthenticationBytes(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1604	contentType, bb.remaining() - tagSize,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1605	sequence);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1606	cipher.updateAAD(aad);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1607
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1608	// DON'T decrypt the nonce_explicit for AEAD mode. The buffer
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1609	// position has moved out of the nonce_explicit range.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1610	int len, pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1611	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1612	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1613	len = cipher.doFinal(dup, bb);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1614	} catch (IllegalBlockSizeException ibse) {
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1615	// unlikely to happen
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1616	throw new RuntimeException(
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1617	"Cipher error in AEAD mode \"" + ibse.getMessage() +
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1618	" \"in JCE provider " + cipher.getProvider().getName());
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1619	} catch (ShortBufferException sbe) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1620	// catch BouncyCastle buffering error
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1621	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1622	"JCE provider " + cipher.getProvider().getName(), sbe);
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1623	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1624	// reset the limit to the end of the decrypted data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1625	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1626	bb.limit(pos + len);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1627
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1628	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1629	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1630	"Plaintext after DECRYPTION", bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1631	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1632
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1633	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1634	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1635	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1636	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1637
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1638	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1639	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1640	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1641	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1642	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1643	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1644	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1645	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1646	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1647	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1648
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1649	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1650	int estimateFragmentSize(int packetSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1651	return packetSize - headerSize - recordIvSize - tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1652	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1653	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1654	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1655
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1656	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1657	class T12GcmWriteCipherGenerator implements WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1658	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1659	public SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1660	Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1661	ProtocolVersion protocolVersion, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1662	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1663	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1664	return new GcmWriteCipher(authenticator, protocolVersion, sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1665	algorithm, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1666	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1667
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1668	private static final class GcmWriteCipher extends SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1669	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1670	private final int tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1671	private final Key key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1672	private final byte[] fixedIv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1673	private final int recordIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1674	private final SecureRandom random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1675
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1676	GcmWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1677	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1678	SSLCipher sslCipher, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1679	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1680	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1681	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1682	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1683	this.tagSize = sslCipher.tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1684	this.key = key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1685	this.fixedIv = ((IvParameterSpec)params).getIV();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1686	this.recordIvSize = sslCipher.ivSize - sslCipher.fixedIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1687	this.random = random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1688
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1689	// DON'T initialize the cipher for AEAD!
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1690	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1691
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1692	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1693	public int encrypt(byte contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1694	ByteBuffer bb) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1695	// To be unique and aware of overflow-wrap, sequence number
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1696	// is used as the nonce_explicit of AEAD cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1697	byte[] nonce = authenticator.sequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1698
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1699	// initialize the AEAD cipher for the unique IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1700	byte[] iv = Arrays.copyOf(fixedIv,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1701	fixedIv.length + nonce.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1702	System.arraycopy(nonce, 0, iv, fixedIv.length, nonce.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1703
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1704	GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1705	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1706	cipher.init(Cipher.ENCRYPT_MODE, key, spec, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1707	} catch (InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1708	InvalidAlgorithmParameterException ikae) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1709	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1710	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1711	"invalid key or spec in GCM mode", ikae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1712	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1713
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1714	// Update the additional authentication data, using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1715	// implicit sequence number of the authenticator.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1716	byte[] aad = authenticator.acquireAuthenticationBytes(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1717	contentType, bb.remaining(), null);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1718	cipher.updateAAD(aad);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1719
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1720	// DON'T WORRY, the nonce spaces are considered already.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1721	bb.position(bb.position() - nonce.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1722	bb.put(nonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1723
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1724	// DON'T encrypt the nonce for AEAD mode.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1725	int len, pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1726	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1727	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1728	"Plaintext before ENCRYPTION",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1729	bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1730	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1731
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1732	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1733	int outputSize = cipher.getOutputSize(dup.remaining());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1734	if (outputSize > bb.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1735	// Need to expand the limit of the output buffer for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1736	// the authentication tag.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1737	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1738	// DON'T worry about the buffer's capacity, we have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1739	// reserved space for the authentication tag.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1740	bb.limit(pos + outputSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1741	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1742
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1743	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1744	len = cipher.doFinal(dup, bb);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1745	} catch (IllegalBlockSizeException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1746	BadPaddingException \| ShortBufferException ibse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1747	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1748	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1749	"Cipher error in AEAD mode in JCE provider " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1750	cipher.getProvider().getName(), ibse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1751	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1752
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1753	if (len != outputSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1754	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1755	"Cipher buffering error in JCE provider " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1756	cipher.getProvider().getName());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1757	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1758
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1759	return len + nonce.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1760	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1761
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1762	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1763	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1764	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1765	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1766	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1767	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1768	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1769	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1770	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1771	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1772
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1773	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1774	int getExplicitNonceSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1775	return recordIvSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1776	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1777
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1778	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1779	int calculateFragmentSize(int packetLimit, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1780	return packetLimit - headerSize - recordIvSize - tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1781	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1782
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1783	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1784	int calculatePacketSize(int fragmentSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1785	return fragmentSize + headerSize + recordIvSize + tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1786	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1787	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1788	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1789
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1790	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1791	class T13GcmReadCipherGenerator implements ReadCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1792
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1793	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1794	public SSLReadCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1795	Authenticator authenticator, ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1796	String algorithm, Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1797	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1798	return new GcmReadCipher(authenticator, protocolVersion, sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1799	algorithm, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1800	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1801
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1802	static final class GcmReadCipher extends SSLReadCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1803	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1804	private final int tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1805	private final Key key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1806	private final byte[] iv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1807	private final SecureRandom random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1808
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1809	GcmReadCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1810	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1811	SSLCipher sslCipher, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1812	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1813	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1814	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1815	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1816	this.tagSize = sslCipher.tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1817	this.key = key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1818	this.iv = ((IvParameterSpec)params).getIV();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1819	this.random = random;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1820
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1821	keyLimitCountdown = cipherLimits.getOrDefault(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1822	algorithm.toUpperCase() + ":" + tag[0], 0L);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1823	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1824	SSLLogger.fine("KeyLimit read side: algorithm = " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1825	algorithm.toUpperCase() + ":" + tag[0] +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1826	"\ncountdown value = " + keyLimitCountdown);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1827	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1828	if (keyLimitCountdown > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1829	keyLimitEnabled = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1830	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1831	// DON'T initialize the cipher for AEAD!
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1832	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1833
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1834	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1835	public Plaintext decrypt(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1836	byte[] sequence) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1837	// An implementation may receive an unencrypted record of type
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1838	// change_cipher_spec consisting of the single byte value 0x01
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1839	// at any time after the first ClientHello message has been
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1840	// sent or received and before the peer's Finished message has
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1841	// been received and MUST simply drop it without further
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1842	// processing.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1843	if (contentType == ContentType.CHANGE_CIPHER_SPEC.id) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1844	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1845	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1846	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1847	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1848
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1849	if (bb.remaining() <= tagSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1850	throw new BadPaddingException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1851	"Insufficient buffer remaining for AEAD cipher " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1852	"fragment (" + bb.remaining() + "). Needs to be " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1853	"more than tag size (" + tagSize + ")");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1854	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1855
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1856	byte[] sn = sequence;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1857	if (sn == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1858	sn = authenticator.sequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1859	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1860	byte[] nonce = iv.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1861	int offset = nonce.length - sn.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1862	for (int i = 0; i < sn.length; i++) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1863	nonce[offset + i] ^= sn[i];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1864	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1865
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1866	// initialize the AEAD cipher for the unique IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1867	GCMParameterSpec spec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1868	new GCMParameterSpec(tagSize * 8, nonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1869	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1870	cipher.init(Cipher.DECRYPT_MODE, key, spec, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1871	} catch (InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1872	InvalidAlgorithmParameterException ikae) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1873	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1874	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1875	"invalid key or spec in GCM mode", ikae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1876	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1877
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1878	// Update the additional authentication data, using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1879	// implicit sequence number of the authenticator.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1880	byte[] aad = authenticator.acquireAuthenticationBytes(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1881	contentType, bb.remaining(), sn);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1882	cipher.updateAAD(aad);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1883
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1884	int len, pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1885	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1886	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1887	len = cipher.doFinal(dup, bb);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1888	} catch (IllegalBlockSizeException ibse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1889	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1890	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1891	"Cipher error in AEAD mode \"" + ibse.getMessage() +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1892	" \"in JCE provider " + cipher.getProvider().getName());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1893	} catch (ShortBufferException sbe) {
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1894	// catch BouncyCastle buffering error
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1895	throw new RuntimeException("Cipher buffering error in " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1896	"JCE provider " + cipher.getProvider().getName(), sbe);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1897	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1898	// reset the limit to the end of the decrypted data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1899	bb.position(pos);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1900	bb.limit(pos + len);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1901
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1902	// remove inner plaintext padding
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1903	int i = bb.limit() - 1;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1904	for (; i > 0 && bb.get(i) == 0; i--) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1905	// blank
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1906	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1907	if (i < (pos + 1)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1908	throw new BadPaddingException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1909	"Incorrect inner plaintext: no content type");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1910	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1911	contentType = bb.get(i);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1912	bb.limit(i);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1913
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1914	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1915	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1916	"Plaintext after DECRYPTION", bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1917	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1918	if (keyLimitEnabled) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1919	keyLimitCountdown -= len;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1920	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1921
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1922	return new Plaintext(contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1923	ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1924	-1, -1L, bb.slice());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1925	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1926
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1927	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1928	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1929	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1930	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1931	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1932	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1933	// swallow all types of exceptions.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1934	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1935	}
2 90ce3da70b43 Initial load duke parents: diff changeset	1936	}
90ce3da70b43 Initial load duke parents: diff changeset	1937
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1938	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1939	int estimateFragmentSize(int packetSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1940	return packetSize - headerSize - tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1941	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1942	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1943	}
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	1944
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1945	private static final
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1946	class T13GcmWriteCipherGenerator implements WriteCipherGenerator {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1947	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1948	public SSLWriteCipher createCipher(SSLCipher sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1949	Authenticator authenticator, ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1950	String algorithm, Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1951	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1952	return new GcmWriteCipher(authenticator, protocolVersion, sslCipher,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1953	algorithm, key, params, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1954	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1955
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1956	private static final class GcmWriteCipher extends SSLWriteCipher {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1957	private final Cipher cipher;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1958	private final int tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1959	private final Key key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1960	private final byte[] iv;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1961	private final SecureRandom random;
2 90ce3da70b43 Initial load duke parents: diff changeset	1962
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1963	GcmWriteCipher(Authenticator authenticator,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1964	ProtocolVersion protocolVersion,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1965	SSLCipher sslCipher, String algorithm,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1966	Key key, AlgorithmParameterSpec params,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1967	SecureRandom random) throws GeneralSecurityException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1968	super(authenticator, protocolVersion);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1969	this.cipher = JsseJce.getCipher(algorithm);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1970	this.tagSize = sslCipher.tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1971	this.key = key;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1972	this.iv = ((IvParameterSpec)params).getIV();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1973	this.random = random;
2 90ce3da70b43 Initial load duke parents: diff changeset	1974
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1975	keyLimitCountdown = cipherLimits.getOrDefault(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1976	algorithm.toUpperCase() + ":" + tag[0], 0L);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1977	if (SSLLogger.isOn && SSLLogger.isOn("ssl")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1978	SSLLogger.fine("KeyLimit write side: algorithm = "
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1979	+ algorithm.toUpperCase() + ":" + tag[0] +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1980	"\ncountdown value = " + keyLimitCountdown);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1981	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1982	if (keyLimitCountdown > 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1983	keyLimitEnabled = true;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1984	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1985
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1986	// DON'T initialize the cipher for AEAD!
2 90ce3da70b43 Initial load duke parents: diff changeset	1987	}
90ce3da70b43 Initial load duke parents: diff changeset	1988
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1989	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1990	public int encrypt(byte contentType,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1991	ByteBuffer bb) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1992	byte[] sn = authenticator.sequenceNumber();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1993	byte[] nonce = iv.clone();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1994	int offset = nonce.length - sn.length;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1995	for (int i = 0; i < sn.length; i++) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1996	nonce[offset + i] ^= sn[i];
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1997	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1998
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	1999	// initialize the AEAD cipher for the unique IV
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2000	GCMParameterSpec spec =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2001	new GCMParameterSpec(tagSize * 8, nonce);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2002	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2003	cipher.init(Cipher.ENCRYPT_MODE, key, spec, random);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2004	} catch (InvalidKeyException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2005	InvalidAlgorithmParameterException ikae) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2006	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2007	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2008	"invalid key or spec in GCM mode", ikae);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2009	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2010
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2011	// Update the additional authentication data, using the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2012	// implicit sequence number of the authenticator.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2013	int outputSize = cipher.getOutputSize(bb.remaining());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2014	byte[] aad = authenticator.acquireAuthenticationBytes(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2015	contentType, outputSize, sn);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2016	cipher.updateAAD(aad);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2017
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2018	int len, pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2019	if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2020	SSLLogger.fine(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2021	"Plaintext before ENCRYPTION",
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2022	bb.duplicate());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2023	}
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	2024
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2025	ByteBuffer dup = bb.duplicate();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2026	if (outputSize > bb.remaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2027	// Need to expand the limit of the output buffer for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2028	// the authentication tag.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2029	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2030	// DON'T worry about the buffer's capacity, we have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2031	// reserved space for the authentication tag.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2032	bb.limit(pos + outputSize);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2033	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2034
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2035	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2036	len = cipher.doFinal(dup, bb);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2037	} catch (IllegalBlockSizeException \|
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2038	BadPaddingException \| ShortBufferException ibse) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2039	// unlikely to happen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2040	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2041	"Cipher error in AEAD mode in JCE provider " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2042	cipher.getProvider().getName(), ibse);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2043	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2044
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2045	if (len != outputSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2046	throw new RuntimeException(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2047	"Cipher buffering error in JCE provider " +
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2048	cipher.getProvider().getName());
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2049	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2050
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2051	if (keyLimitEnabled) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2052	keyLimitCountdown -= len;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2053	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2054	return len;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2055	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2056
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2057	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2058	void dispose() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2059	if (cipher != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2060	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2061	cipher.doFinal();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2062	} catch (Exception e) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2063	// swallow all types of exceptions.
7039 6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	2064	}
6464c8e62a18 4873188: Support TLS 1.1 xuelei parents: 5506 diff changeset	2065	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2066	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2067
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2068	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2069	int getExplicitNonceSize() {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2070	return 0;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2071	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2072
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2073	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2074	int calculateFragmentSize(int packetLimit, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2075	return packetLimit - headerSize - tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2076	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2077
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2078	@Override
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2079	int calculatePacketSize(int fragmentSize, int headerSize) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2080	return fragmentSize + headerSize + tagSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2081	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2082	}
90ce3da70b43 Initial load duke parents: diff changeset	2083	}
90ce3da70b43 Initial load duke parents: diff changeset	2084
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2085	private static void addMac(MAC signer,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2086	ByteBuffer destination, byte contentType) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2087	if (signer.macAlg().size != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2088	int dstContent = destination.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2089	byte[] hash = signer.compute(contentType, destination, false);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2090
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2091	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2092	* position was advanced to limit in MAC compute above.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2093	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2094	* Mark next area as writable (above layers should have
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2095	* established that we have plenty of room), then write
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2096	* out the hash.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2097	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2098	destination.limit(destination.limit() + hash.length);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2099	destination.put(hash);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2100
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2101	// reset the position and limit
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2102	destination.position(dstContent);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2103	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2104	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2105
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2106	// for null and stream cipher
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2107	private static void checkStreamMac(MAC signer, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2108	byte contentType, byte[] sequence) throws BadPaddingException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2109	int tagLen = signer.macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2110
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2111	// Requires message authentication code for null, stream and
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2112	// block cipher suites.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2113	if (tagLen != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2114	int contentLen = bb.remaining() - tagLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2115	if (contentLen < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2116	throw new BadPaddingException("bad record");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2117	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2118
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2119	// Run MAC computation and comparison on the payload.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2120	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2121	// MAC data would be stripped off during the check.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2122	if (checkMacTags(contentType, bb, signer, sequence, false)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2123	throw new BadPaddingException("bad record MAC");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2124	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2125	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2126	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2127
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2128	// for CBC cipher
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2129	private static void checkCBCMac(MAC signer, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2130	byte contentType, int cipheredLength,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2131	byte[] sequence) throws BadPaddingException {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2132	BadPaddingException reservedBPE = null;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2133	int tagLen = signer.macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2134	int pos = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2135
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2136	if (tagLen != 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2137	int contentLen = bb.remaining() - tagLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2138	if (contentLen < 0) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2139	reservedBPE = new BadPaddingException("bad record");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2140
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2141	// set offset of the dummy MAC
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2142	contentLen = cipheredLength - tagLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2143	bb.limit(pos + cipheredLength);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2144	}
2 90ce3da70b43 Initial load duke parents: diff changeset	2145
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2146	// Run MAC computation and comparison on the payload.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2147	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2148	// MAC data would be stripped off during the check.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2149	if (checkMacTags(contentType, bb, signer, sequence, false)) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2150	if (reservedBPE == null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2151	reservedBPE =
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2152	new BadPaddingException("bad record MAC");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2153	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2154	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2155
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2156	// Run MAC computation and comparison on the remainder.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2157	int remainingLen = calculateRemainingLen(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2158	signer, cipheredLength, contentLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2159
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2160	// NOTE: remainingLen may be bigger (less than 1 block of the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2161	// hash algorithm of the MAC) than the cipheredLength.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2162	//
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2163	// Is it possible to use a static buffer, rather than allocate
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2164	// it dynamically?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2165	remainingLen += signer.macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2166	ByteBuffer temporary = ByteBuffer.allocate(remainingLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2167
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2168	// Won't need to worry about the result on the remainder. And
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2169	// then we won't need to worry about what's actual data to
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2170	// check MAC tag on. We start the check from the header of the
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2171	// buffer so that we don't need to construct a new byte buffer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2172	checkMacTags(contentType, temporary, signer, sequence, true);
2 90ce3da70b43 Initial load duke parents: diff changeset	2173	}
90ce3da70b43 Initial load duke parents: diff changeset	2174
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2175	// Is it a failover?
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2176	if (reservedBPE != null) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2177	throw reservedBPE;
2 90ce3da70b43 Initial load duke parents: diff changeset	2178	}
90ce3da70b43 Initial load duke parents: diff changeset	2179	}
90ce3da70b43 Initial load duke parents: diff changeset	2180
90ce3da70b43 Initial load duke parents: diff changeset	2181	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2182	* Run MAC computation and comparison
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2183	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2184	private static boolean checkMacTags(byte contentType, ByteBuffer bb,
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2185	MAC signer, byte[] sequence, boolean isSimulated) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2186	int tagLen = signer.macAlg().size;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2187	int position = bb.position();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2188	int lim = bb.limit();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2189	int macOffset = lim - tagLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2190
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2191	bb.limit(macOffset);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2192	byte[] hash = signer.compute(contentType, bb, sequence, isSimulated);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2193	if (hash == null \|\| tagLen != hash.length) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2194	// Something is wrong with MAC implementation.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2195	throw new RuntimeException("Internal MAC error");
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2196	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2197
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2198	bb.position(macOffset);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2199	bb.limit(lim);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2200	try {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2201	int[] results = compareMacTags(bb, hash);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2202	return (results[0] != 0);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2203	} finally {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2204	// reset to the data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2205	bb.position(position);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2206	bb.limit(macOffset);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2207	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2208	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2209
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2210	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2211	* A constant-time comparison of the MAC tags.
2 90ce3da70b43 Initial load duke parents: diff changeset	2212	*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2213	* Please DON'T change the content of the ByteBuffer parameter!
2 90ce3da70b43 Initial load duke parents: diff changeset	2214	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2215	private static int[] compareMacTags(ByteBuffer bb, byte[] tag) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2216	// An array of hits is used to prevent Hotspot optimization for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2217	// the purpose of a constant-time check.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2218	int[] results = {0, 0}; // {missed #, matched #}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2219
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2220	// The caller ensures there are enough bytes available in the buffer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2221	// So we won't need to check the remaining of the buffer.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2222	for (byte t : tag) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2223	if (bb.get() != t) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2224	results[0]++; // mismatched bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2225	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2226	results[1]++; // matched bytes
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2227	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2228	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2229
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2230	return results;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2231	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2232
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2233	/*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2234	* Calculate the length of a dummy buffer to run MAC computation
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2235	* and comparison on the remainder.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2236	*
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2237	* The caller MUST ensure that the fullLen is not less than usedLen.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2238	*/
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2239	private static int calculateRemainingLen(
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2240	MAC signer, int fullLen, int usedLen) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2241
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2242	int blockLen = signer.macAlg().hashBlockSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2243	int minimalPaddingLen = signer.macAlg().minimalPaddingSize;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2244
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2245	// (blockLen - minimalPaddingLen) is the maximum message size of
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2246	// the last block of hash function operation. See FIPS 180-4, or
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2247	// MD5 specification.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2248	fullLen += 13 - (blockLen - minimalPaddingLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2249	usedLen += 13 - (blockLen - minimalPaddingLen);
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2250
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2251	// Note: fullLen is always not less than usedLen, and blockLen
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2252	// is always bigger than minimalPaddingLen, so we don't worry
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2253	// about negative values. 0x01 is added to the result to ensure
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2254	// that the return value is positive. The extra one byte does
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2255	// not impact the overall MAC compression function evaluations.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2256	return 0x01 + (int)(Math.ceil(fullLen/(1.0d * blockLen)) -
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2257	Math.ceil(usedLen/(1.0d * blockLen))) * blockLen;
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2258	}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2259
2 90ce3da70b43 Initial load duke parents: diff changeset	2260	private static int addPadding(ByteBuffer bb, int blockSize) {
90ce3da70b43 Initial load duke parents: diff changeset	2261
90ce3da70b43 Initial load duke parents: diff changeset	2262	int len = bb.remaining();
90ce3da70b43 Initial load duke parents: diff changeset	2263	int offset = bb.position();
90ce3da70b43 Initial load duke parents: diff changeset	2264
90ce3da70b43 Initial load duke parents: diff changeset	2265	int newlen = len + 1;
90ce3da70b43 Initial load duke parents: diff changeset	2266	byte pad;
90ce3da70b43 Initial load duke parents: diff changeset	2267	int i;
90ce3da70b43 Initial load duke parents: diff changeset	2268
90ce3da70b43 Initial load duke parents: diff changeset	2269	if ((newlen % blockSize) != 0) {
90ce3da70b43 Initial load duke parents: diff changeset	2270	newlen += blockSize - 1;
90ce3da70b43 Initial load duke parents: diff changeset	2271	newlen -= newlen % blockSize;
90ce3da70b43 Initial load duke parents: diff changeset	2272	}
90ce3da70b43 Initial load duke parents: diff changeset	2273	pad = (byte) (newlen - len);
90ce3da70b43 Initial load duke parents: diff changeset	2274
90ce3da70b43 Initial load duke parents: diff changeset	2275	/*
90ce3da70b43 Initial load duke parents: diff changeset	2276	* Update the limit to what will be padded.
90ce3da70b43 Initial load duke parents: diff changeset	2277	*/
90ce3da70b43 Initial load duke parents: diff changeset	2278	bb.limit(newlen + offset);
90ce3da70b43 Initial load duke parents: diff changeset	2279
90ce3da70b43 Initial load duke parents: diff changeset	2280	/*
90ce3da70b43 Initial load duke parents: diff changeset	2281	* TLS version of the padding works for both SSLv3 and TLSv1
90ce3da70b43 Initial load duke parents: diff changeset	2282	*/
90ce3da70b43 Initial load duke parents: diff changeset	2283	for (i = 0, offset += len; i < pad; i++) {
90ce3da70b43 Initial load duke parents: diff changeset	2284	bb.put(offset++, (byte) (pad - 1));
90ce3da70b43 Initial load duke parents: diff changeset	2285	}
90ce3da70b43 Initial load duke parents: diff changeset	2286
90ce3da70b43 Initial load duke parents: diff changeset	2287	bb.position(offset);
90ce3da70b43 Initial load duke parents: diff changeset	2288	bb.limit(offset);
90ce3da70b43 Initial load duke parents: diff changeset	2289
90ce3da70b43 Initial load duke parents: diff changeset	2290	return newlen;
90ce3da70b43 Initial load duke parents: diff changeset	2291	}
90ce3da70b43 Initial load duke parents: diff changeset	2292
90ce3da70b43 Initial load duke parents: diff changeset	2293	private static int removePadding(ByteBuffer bb,
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2294	int tagLen, int blockSize,
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2295	ProtocolVersion protocolVersion) throws BadPaddingException {
2 90ce3da70b43 Initial load duke parents: diff changeset	2296	int len = bb.remaining();
90ce3da70b43 Initial load duke parents: diff changeset	2297	int offset = bb.position();
90ce3da70b43 Initial load duke parents: diff changeset	2298
90ce3da70b43 Initial load duke parents: diff changeset	2299	// last byte is length byte (i.e. actual padding length - 1)
90ce3da70b43 Initial load duke parents: diff changeset	2300	int padOffset = offset + len - 1;
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2301	int padLen = bb.get(padOffset) & 0xFF;
2 90ce3da70b43 Initial load duke parents: diff changeset	2302
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2303	int newLen = len - (padLen + 1);
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2304	if ((newLen - tagLen) < 0) {
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2305	// If the buffer is not long enough to contain the padding plus
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2306	// a MAC tag, do a dummy constant-time padding check.
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2307	//
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2308	// Note that it is a dummy check, so we won't care about what is
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2309	// the actual padding data.
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2310	checkPadding(bb.duplicate(), (byte)(padLen & 0xFF));
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2311
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2312	throw new BadPaddingException("Invalid Padding length: " + padLen);
2 90ce3da70b43 Initial load duke parents: diff changeset	2313	}
90ce3da70b43 Initial load duke parents: diff changeset	2314
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2315	// The padding data should be filled with the padding length value.
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2316	int[] results = checkPadding(
27292 7ff4b24b33ce 4774077: Use covariant return types in the NIO buffer hierarchy rwarburton parents: 25859 diff changeset	2317	bb.duplicate().position(offset + newLen),
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2318	(byte)(padLen & 0xFF));
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2319	if (protocolVersion.useTLS10PlusSpec()) {
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2320	if (results[0] != 0) { // padding data has invalid bytes
946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2321	throw new BadPaddingException("Invalid TLS padding data");
2 90ce3da70b43 Initial load duke parents: diff changeset	2322	}
90ce3da70b43 Initial load duke parents: diff changeset	2323	} else { // SSLv3
90ce3da70b43 Initial load duke parents: diff changeset	2324	// SSLv3 requires 0 <= length byte < block size
90ce3da70b43 Initial load duke parents: diff changeset	2325	// some implementations do 1 <= length byte <= block size,
90ce3da70b43 Initial load duke parents: diff changeset	2326	// so accept that as well
90ce3da70b43 Initial load duke parents: diff changeset	2327	// v3 does not require any particular value for the other bytes
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2328	if (padLen > blockSize) {
40544 807dd9a425db 8150530: Improve javax.crypto.BadPaddingException messages coffeys parents: 34826 diff changeset	2329	throw new BadPaddingException("Padding length (" +
807dd9a425db 8150530: Improve javax.crypto.BadPaddingException messages coffeys parents: 34826 diff changeset	2330	padLen + ") of SSLv3 message should not be bigger " +
807dd9a425db 8150530: Improve javax.crypto.BadPaddingException messages coffeys parents: 34826 diff changeset	2331	"than the block size (" + blockSize + ")");
2 90ce3da70b43 Initial load duke parents: diff changeset	2332	}
90ce3da70b43 Initial load duke parents: diff changeset	2333	}
90ce3da70b43 Initial load duke parents: diff changeset	2334
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2335	// Reset buffer limit to remove padding.
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2336	bb.limit(offset + newLen);
2 90ce3da70b43 Initial load duke parents: diff changeset	2337
16113 946ec9b22004 8006777: Improve TLS handling of invalid messages xuelei parents: 14664 diff changeset	2338	return newLen;
2 90ce3da70b43 Initial load duke parents: diff changeset	2339	}
1763 0a6b65d56746 6750401: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider wetmore parents: 2 diff changeset	2340
0a6b65d56746 6750401: SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider wetmore parents: 2 diff changeset	2341	/*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2342	* A constant-time check of the padding.
10915 1e20964cebf3 7064341: jsse/runtime security problem xuelei parents: 7039 diff changeset	2343	*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2344	* NOTE that we are checking both the padding and the padLen bytes here.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2345	*
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2346	* The caller MUST ensure that the bb parameter has remaining.
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2347	*/
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2348	private static int[] checkPadding(ByteBuffer bb, byte pad) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2349	if (!bb.hasRemaining()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2350	throw new RuntimeException("hasRemaining() must be positive");
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2351	}
a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2352
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2353	// An array of hits is used to prevent Hotspot optimization for
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2354	// the purpose of a constant-time check.
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2355	int[] results = {0, 0}; // {missed #, matched #}
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2356	bb.mark();
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2357	for (int i = 0; i <= 256; bb.reset()) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2358	for (; bb.hasRemaining() && i <= 256; i++) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2359	if (bb.get() != pad) {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2360	results[0]++; // mismatched padding data
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2361	} else {
68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2362	results[1]++; // matched padding data
16913 a6f4d1626ad9 8011680: Re-integrate AEAD implementation of JSSE xuelei parents: 16126 diff changeset	2363	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2364	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2365	}
ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2366
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2367	return results;
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2368	}
50768 68fa3d4026ea 8196584: TLS 1.3 Implementation xuelei parents: 47216 diff changeset	2369	}
30904 ec0224270f90 8043758: Datagram Transport Layer Security (DTLS) xuelei parents: 29488 diff changeset	2370

author	wetmore
	Tue, 21 Aug 2018 11:30:48 -0700
changeset 51574	ed52ea83f830
parent 50768	68fa3d4026ea
child 51773	720fd6544b03
permissions	-rw-r--r--