jdk-sandbox: jdk/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java@ed60b6527f64 (annotated)

15008 6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	1	/*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	2	* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	4	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
16748 ed60b6527f64 8012048: JDK8 b85 source with GPL header errors katleman parents: 15008 diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
15008 6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	10	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	15	* accompanied this code).
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	16	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	20	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	23	* questions.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	24	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	25
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	26	package com.sun.crypto.provider;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	27
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	28	import java.util.Arrays;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	29	import java.io.*;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	30	import java.security.*;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	31	import javax.crypto.*;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	32	import static com.sun.crypto.provider.AESConstants.AES_BLOCK_SIZE;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	33
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	34	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	35	* This class represents ciphers in GaloisCounter (GCM) mode.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	36	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	37	* <p>This mode currently should only be used w/ AES cipher.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	38	* Although no checking is done here, caller should only
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	39	* pass AES Cipher to the constructor.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	40	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	41	* <p>NOTE: This class does not deal with buffering or padding.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	42	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	43	* @since 1.8
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	44	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	45	final class GaloisCounterMode extends FeedbackCipher {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	46
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	47	static int DEFAULT_TAG_LEN = AES_BLOCK_SIZE;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	48	static int DEFAULT_IV_LEN = 12; // in bytes
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	49
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	50	// buffer for AAD data; if null, meaning update has been called
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	51	private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	52	private int sizeOfAAD = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	53
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	54	// in bytes; need to convert to bits (default value 128) when needed
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	55	private int tagLenBytes = DEFAULT_TAG_LEN;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	56
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	57	// these following 2 fields can only be initialized after init() is
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	58	// called, e.g. after cipher key k is set, and STAY UNCHANGED
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	59	private byte[] subkeyH = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	60	private byte[] preCounterBlock = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	61
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	62	private GCTR gctrPAndC = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	63	private GHASH ghashAllToS = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	64
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	65	// length of total data, i.e. len(C)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	66	private int processed = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	67
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	68	// additional variables for save/restore calls
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	69	private byte[] aadBufferSave = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	70	private int sizeOfAADSave = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	71	private int processedSave = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	72
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	73	// value must be 16-byte long; used by GCTR and GHASH as well
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	74	static void increment32(byte[] value) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	75	if (value.length != AES_BLOCK_SIZE) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	76	throw new RuntimeException("Unexpected counter block length");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	77	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	78	// start from last byte and only go over 4 bytes, i.e. total 32 bits
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	79	int n = value.length - 1;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	80	while ((n >= value.length - 4) && (++value[n] == 0)) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	81	n--;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	82	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	83	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	84
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	85	// ivLen in bits
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	86	private static byte[] getLengthBlock(int ivLen) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	87	byte[] out = new byte[AES_BLOCK_SIZE];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	88	out[12] = (byte)(ivLen >>> 24);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	89	out[13] = (byte)(ivLen >>> 16);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	90	out[14] = (byte)(ivLen >>> 8);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	91	out[15] = (byte)ivLen;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	92	return out;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	93	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	94
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	95	// aLen and cLen both in bits
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	96	private static byte[] getLengthBlock(int aLen, int cLen) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	97	byte[] out = new byte[AES_BLOCK_SIZE];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	98	out[4] = (byte)(aLen >>> 24);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	99	out[5] = (byte)(aLen >>> 16);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	100	out[6] = (byte)(aLen >>> 8);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	101	out[7] = (byte)aLen;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	102	out[12] = (byte)(cLen >>> 24);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	103	out[13] = (byte)(cLen >>> 16);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	104	out[14] = (byte)(cLen >>> 8);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	105	out[15] = (byte)cLen;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	106	return out;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	107	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	108
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	109	private static byte[] expandToOneBlock(byte[] in, int inOfs, int len) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	110	if (len > AES_BLOCK_SIZE) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	111	throw new ProviderException("input " + len + " too long");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	112	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	113	if (len == AES_BLOCK_SIZE && inOfs == 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	114	return in;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	115	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	116	byte[] paddedIn = new byte[AES_BLOCK_SIZE];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	117	System.arraycopy(in, inOfs, paddedIn, 0, len);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	118	return paddedIn;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	119	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	120	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	121
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	122	private static byte[] getJ0(byte[] iv, byte[] subkeyH) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	123	byte[] j0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	124	if (iv.length == 12) { // 96 bits
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	125	j0 = expandToOneBlock(iv, 0, iv.length);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	126	j0[AES_BLOCK_SIZE - 1] = 1;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	127	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	128	GHASH g = new GHASH(subkeyH);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	129	int lastLen = iv.length % AES_BLOCK_SIZE;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	130	if (lastLen != 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	131	g.update(iv, 0, iv.length - lastLen);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	132	byte[] padded =
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	133	expandToOneBlock(iv, iv.length - lastLen, lastLen);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	134	g.update(padded);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	135	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	136	g.update(iv);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	137	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	138	byte[] lengthBlock = getLengthBlock(iv.length*8);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	139	g.update(lengthBlock);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	140	j0 = g.digest();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	141	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	142	return j0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	143	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	144
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	145	GaloisCounterMode(SymmetricCipher embeddedCipher) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	146	super(embeddedCipher);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	147	aadBuffer = new ByteArrayOutputStream();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	148	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	149
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	150	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	151	* Gets the name of the feedback mechanism
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	152	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	153	* @return the name of the feedback mechanism
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	154	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	155	String getFeedback() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	156	return "GCM";
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	157	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	158
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	159	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	160	* Resets the cipher object to its original state.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	161	* This is used when doFinal is called in the Cipher class, so that the
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	162	* cipher can be reused (with its original key and iv).
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	163	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	164	void reset() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	165	if (aadBuffer == null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	166	aadBuffer = new ByteArrayOutputStream();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	167	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	168	aadBuffer.reset();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	169	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	170	if (gctrPAndC != null) gctrPAndC.reset();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	171	if (ghashAllToS != null) ghashAllToS.reset();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	172	processed = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	173	sizeOfAAD = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	174	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	175
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	176	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	177	* Save the current content of this cipher.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	178	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	179	void save() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	180	processedSave = processed;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	181	sizeOfAADSave = sizeOfAAD;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	182	aadBufferSave =
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	183	((aadBuffer == null \|\| aadBuffer.size() == 0)?
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	184	null : aadBuffer.toByteArray());
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	185	if (gctrPAndC != null) gctrPAndC.save();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	186	if (ghashAllToS != null) ghashAllToS.save();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	187	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	188
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	189	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	190	* Restores the content of this cipher to the previous saved one.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	191	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	192	void restore() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	193	processed = processedSave;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	194	sizeOfAAD = sizeOfAADSave;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	195	if (aadBuffer != null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	196	aadBuffer.reset();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	197	if (aadBufferSave != null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	198	aadBuffer.write(aadBufferSave, 0, aadBufferSave.length);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	199	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	200	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	201	if (gctrPAndC != null) gctrPAndC.restore();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	202	if (ghashAllToS != null) ghashAllToS.restore();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	203	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	204
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	205	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	206	* Initializes the cipher in the specified mode with the given key
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	207	* and iv.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	208	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	209	* @param decrypting flag indicating encryption or decryption
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	210	* @param algorithm the algorithm name
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	211	* @param key the key
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	212	* @param iv the iv
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	213	* @param tagLenBytes the length of tag in bytes
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	214	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	215	* @exception InvalidKeyException if the given key is inappropriate for
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	216	* initializing this cipher
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	217	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	218	void init(boolean decrypting, String algorithm, byte[] key, byte[] iv)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	219	throws InvalidKeyException {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	220	init(decrypting, algorithm, key, iv, DEFAULT_TAG_LEN);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	221	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	222
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	223	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	224	* Initializes the cipher in the specified mode with the given key
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	225	* and iv.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	226	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	227	* @param decrypting flag indicating encryption or decryption
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	228	* @param algorithm the algorithm name
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	229	* @param key the key
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	230	* @param iv the iv
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	231	* @param tagLenBytes the length of tag in bytes
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	232	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	233	* @exception InvalidKeyException if the given key is inappropriate for
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	234	* initializing this cipher
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	235	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	236	void init(boolean decrypting, String algorithm, byte[] keyValue,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	237	byte[] ivValue, int tagLenBytes)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	238	throws InvalidKeyException {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	239	if (keyValue == null \|\| ivValue == null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	240	throw new InvalidKeyException("Internal error");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	241	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	242
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	243	// always encrypt mode for embedded cipher
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	244	this.embeddedCipher.init(false, algorithm, keyValue);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	245	this.subkeyH = new byte[AES_BLOCK_SIZE];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	246	this.embeddedCipher.encryptBlock(new byte[AES_BLOCK_SIZE], 0,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	247	this.subkeyH, 0);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	248
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	249	this.iv = ivValue.clone();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	250	preCounterBlock = getJ0(iv, subkeyH);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	251	byte[] j0Plus1 = preCounterBlock.clone();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	252	increment32(j0Plus1);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	253	gctrPAndC = new GCTR(embeddedCipher, j0Plus1);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	254	ghashAllToS = new GHASH(subkeyH);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	255
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	256	this.tagLenBytes = tagLenBytes;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	257	if (aadBuffer == null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	258	aadBuffer = new ByteArrayOutputStream();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	259	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	260	aadBuffer.reset();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	261	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	262	processed = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	263	sizeOfAAD = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	264	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	265
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	266	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	267	* Continues a multi-part update of the Additional Authentication
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	268	* Data (AAD), using a subset of the provided buffer. If this
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	269	* cipher is operating in either GCM or CCM mode, all AAD must be
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	270	* supplied before beginning operations on the ciphertext (via the
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	271	* {@code update} and {@code doFinal} methods).
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	272	* <p>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	273	* NOTE: Given most modes do not accept AAD, default impl for this
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	274	* method throws IllegalStateException.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	275	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	276	* @param src the buffer containing the AAD
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	277	* @param offset the offset in {@code src} where the AAD input starts
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	278	* @param len the number of AAD bytes
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	279	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	280	* @throws IllegalStateException if this cipher is in a wrong state
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	281	* (e.g., has not been initialized), does not accept AAD, or if
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	282	* operating in either GCM or CCM mode and one of the {@code update}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	283	* methods has already been called for the active
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	284	* encryption/decryption operation
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	285	* @throws UnsupportedOperationException if this method
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	286	* has not been overridden by an implementation
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	287	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	288	* @since 1.8
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	289	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	290	void updateAAD(byte[] src, int offset, int len) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	291	if (aadBuffer != null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	292	aadBuffer.write(src, offset, len);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	293	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	294	// update has already been called
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	295	throw new IllegalStateException
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	296	("Update has been called; no more AAD data");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	297	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	298	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	299
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	300	// Feed the AAD data to GHASH, pad if necessary
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	301	void processAAD() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	302	if (aadBuffer != null) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	303	byte[] aad = aadBuffer.toByteArray();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	304	sizeOfAAD = aad.length;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	305	aadBuffer = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	306
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	307	int lastLen = aad.length % AES_BLOCK_SIZE;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	308	if (lastLen != 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	309	ghashAllToS.update(aad, 0, aad.length - lastLen);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	310	byte[] padded = expandToOneBlock(aad, aad.length - lastLen,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	311	lastLen);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	312	ghashAllToS.update(padded);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	313	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	314	ghashAllToS.update(aad);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	315	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	316	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	317	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	318
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	319	// Utility to process the last block; used by encryptFinal and decryptFinal
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	320	void doLastBlock(byte[] in, int inOfs, int len, byte[] out, int outOfs,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	321	boolean isEncrypt) throws IllegalBlockSizeException {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	322	// process data in 'in'
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	323	gctrPAndC.doFinal(in, inOfs, len, out, outOfs);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	324	processed += len;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	325
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	326	byte[] ct;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	327	int ctOfs;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	328	if (isEncrypt) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	329	ct = out;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	330	ctOfs = outOfs;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	331	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	332	ct = in;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	333	ctOfs = inOfs;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	334	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	335	int lastLen = len % AES_BLOCK_SIZE;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	336	if (lastLen != 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	337	ghashAllToS.update(ct, ctOfs, len - lastLen);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	338	byte[] padded =
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	339	expandToOneBlock(ct, (ctOfs + len - lastLen), lastLen);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	340	ghashAllToS.update(padded);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	341	} else {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	342	ghashAllToS.update(ct, ctOfs, len);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	343	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	344	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	345
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	346
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	347	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	348	* Performs encryption operation.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	349	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	350	* <p>The input plain text <code>in</code>, starting at <code>inOff</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	351	* and ending at <code>(inOff + len - 1)</code>, is encrypted. The result
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	352	* is stored in <code>out</code>, starting at <code>outOfs</code>.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	353	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	354	* <p>It is the application's responsibility to make sure that
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	355	* <code>len</code> is a multiple of the embedded cipher's block size,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	356	* otherwise, a ProviderException will be thrown.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	357	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	358	* <p>It is also the application's responsibility to make sure that
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	359	* <code>init</code> has been called before this method is called.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	360	* (This check is omitted here, to avoid double checking.)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	361	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	362	* @param in the buffer with the input data to be encrypted
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	363	* @param inOfs the offset in <code>in</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	364	* @param len the length of the input data
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	365	* @param out the buffer for the result
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	366	* @param outOfs the offset in <code>out</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	367	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	368	void encrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	369	processAAD();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	370	if (len > 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	371	gctrPAndC.update(in, inOfs, len, out, outOfs);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	372	processed += len;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	373	ghashAllToS.update(out, outOfs, len);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	374	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	375	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	376
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	377	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	378	* Performs encryption operation for the last time.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	379	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	380	* <p>NOTE: <code>len</code> may not be multiple of the embedded
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	381	* cipher's block size for this call.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	382	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	383	* @param in the input buffer with the data to be encrypted
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	384	* @param inOfs the offset in <code>in</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	385	* @param len the length of the input data
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	386	* @param out the buffer for the encryption result
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	387	* @param outOfs the offset in <code>out</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	388	* @return the number of bytes placed into the <code>out</code> buffer
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	389	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	390	int encryptFinal(byte[] in, int inOfs, int len, byte[] out, int outOfs)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	391	throws IllegalBlockSizeException {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	392	if (out.length - outOfs < (len + tagLenBytes)) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	393	throw new RuntimeException("Output buffer too small");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	394	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	395
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	396	processAAD();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	397	if (len > 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	398	//ByteUtil.dumpArray(Arrays.copyOfRange(in, inOfs, inOfs + len));
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	399	doLastBlock(in, inOfs, len, out, outOfs, true);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	400	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	401
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	402	byte[] lengthBlock = getLengthBlock(sizeOfAAD8, processed8);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	403	ghashAllToS.update(lengthBlock);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	404	byte[] s = ghashAllToS.digest();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	405	byte[] sOut = new byte[s.length];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	406	GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	407	gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	408
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	409	System.arraycopy(sOut, 0, out, (outOfs + len), tagLenBytes);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	410	return (len + tagLenBytes);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	411	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	412
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	413	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	414	* Performs decryption operation.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	415	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	416	* <p>The input cipher text <code>in</code>, starting at
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	417	* <code>inOfs</code> and ending at <code>(inOfs + len - 1)</code>,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	418	* is decrypted. The result is stored in <code>out</code>, starting at
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	419	* <code>outOfs</code>.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	420	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	421	* <p>It is the application's responsibility to make sure that
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	422	* <code>len</code> is a multiple of the embedded cipher's block
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	423	* size, as any excess bytes are ignored.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	424	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	425	* <p>It is also the application's responsibility to make sure that
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	426	* <code>init</code> has been called before this method is called.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	427	* (This check is omitted here, to avoid double checking.)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	428	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	429	* @param in the buffer with the input data to be decrypted
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	430	* @param inOfs the offset in <code>in</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	431	* @param len the length of the input data
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	432	* @param out the buffer for the result
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	433	* @param outOfs the offset in <code>out</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	434	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	435	void decrypt(byte[] in, int inOfs, int len, byte[] out, int outOfs) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	436	processAAD();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	437
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	438	if (len > 0) { // must be at least AES_BLOCK_SIZE bytes long
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	439	gctrPAndC.update(in, inOfs, len, out, outOfs);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	440	processed += len;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	441	ghashAllToS.update(in, inOfs, len);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	442	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	443	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	444
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	445	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	446	* Performs decryption operation for the last time.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	447	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	448	* <p>NOTE: For cipher feedback modes which does not perform
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	449	* special handling for the last few blocks, this is essentially
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	450	* the same as <code>encrypt(...)</code>. Given most modes do
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	451	* not do special handling, the default impl for this method is
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	452	* to simply call <code>decrypt(...)</code>.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	453	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	454	* @param in the input buffer with the data to be decrypted
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	455	* @param inOfs the offset in <code>cipher</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	456	* @param len the length of the input data
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	457	* @param out the buffer for the decryption result
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	458	* @param outOfs the offset in <code>plain</code>
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	459	* @return the number of bytes placed into the <code>out</code> buffer
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	460	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	461	int decryptFinal(byte[] in, int inOfs, int len,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	462	byte[] out, int outOfs)
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	463	throws IllegalBlockSizeException, AEADBadTagException {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	464	if (len < tagLenBytes) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	465	throw new RuntimeException("Input buffer too short - need tag");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	466	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	467	if (out.length - outOfs < (len - tagLenBytes)) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	468	throw new RuntimeException("Output buffer too small");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	469	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	470	processAAD();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	471
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	472	int processedOld = processed;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	473	byte[] tag = new byte[tagLenBytes];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	474	// get the trailing tag bytes from 'in'
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	475	System.arraycopy(in, inOfs + len - tagLenBytes, tag, 0, tagLenBytes);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	476	len -= tagLenBytes;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	477
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	478	if (len > 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	479	doLastBlock(in, inOfs, len, out, outOfs, false);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	480	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	481
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	482	byte[] lengthBlock = getLengthBlock(sizeOfAAD8, processed8);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	483	ghashAllToS.update(lengthBlock);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	484
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	485	byte[] s = ghashAllToS.digest();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	486	byte[] sOut = new byte[s.length];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	487	GCTR gctrForSToTag = new GCTR(embeddedCipher, this.preCounterBlock);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	488	gctrForSToTag.doFinal(s, 0, s.length, sOut, 0);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	489	for (int i = 0; i < tagLenBytes; i++) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	490	if (tag[i] != sOut[i]) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	491	throw new AEADBadTagException("Tag mismatch!");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	492	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	493	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	494	return len;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	495	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	496
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	497	// return tag length in bytes
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	498	int getTagLen() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	499	return this.tagLenBytes;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	500	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	501	}

author	katleman
	Fri, 12 Apr 2013 15:22:33 -0700
changeset 16748	ed60b6527f64
parent 15008	6a494f8ba5b5
child 20752	f0f0acea9113
permissions	-rw-r--r--