jdk-sandbox: jdk/src/share/classes/com/sun/crypto/provider/GHASH.java@ef8a3a2a72f2 (annotated)

15008 6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	1	/*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	2	* Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	3	* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	4	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	5	* This code is free software; you can redistribute it and/or modify it
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	6	* under the terms of the GNU General Public License version 2 only, as
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	7	* published by the Free Software Foundation. Oracle designates this
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	8	* particular file as subject to the "Classpath" exception as provided
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	9	* by Oracle in the LICENSE file that accompanied this code.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	10	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	11	* This code is distributed in the hope that it will be useful, but WITHOUT
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	12	* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	13	* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	14	* version 2 for more details (a copy is included in the LICENSE file that
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	15	* accompanied this code).
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	16	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	17	* You should have received a copy of the GNU General Public License version
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	18	* 2 along with this work; if not, write to the Free Software Foundation,
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	19	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	20	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	21	* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	22	* or visit www.oracle.com if you need additional information or have any
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	23	* questions.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	24	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	25	/*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	26	* (C) Copyright IBM Corp. 2013
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	27	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	28
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	29	package com.sun.crypto.provider;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	30
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	31	import java.util.Arrays;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	32	import java.security.*;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	33	import static com.sun.crypto.provider.AESConstants.AES_BLOCK_SIZE;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	34
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	35	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	36	* This class represents the GHASH function defined in NIST 800-38D
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	37	* under section 6.4. It needs to be constructed w/ a hash subkey, i.e.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	38	* block H. Given input of 128-bit blocks, it will process and output
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	39	* a 128-bit block.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	40	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	41	* <p>This function is used in the implementation of GCM mode.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	42	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	43	* @since 1.8
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	44	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	45	final class GHASH {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	46
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	47	private static final byte P128 = (byte) 0xe1; //reduction polynomial
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	48
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	49	private static boolean getBit(byte[] b, int pos) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	50	int p = pos / 8;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	51	pos %= 8;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	52	int i = (b[p] >>> (7 - pos)) & 1;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	53	return i != 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	54	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	55
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	56	private static void shift(byte[] b) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	57	byte temp, temp2;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	58	temp2 = 0;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	59	for (int i = 0; i < b.length; i++) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	60	temp = (byte) ((b[i] & 0x01) << 7);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	61	b[i] = (byte) ((b[i] & 0xff) >>> 1);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	62	b[i] = (byte) (b[i] \| temp2);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	63	temp2 = temp;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	64	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	65	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	66
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	67	// Given block X and Y, returns the muliplication of X * Y
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	68	private static byte[] blockMult(byte[] x, byte[] y) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	69	if (x.length != AES_BLOCK_SIZE \|\| y.length != AES_BLOCK_SIZE) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	70	throw new RuntimeException("illegal input sizes");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	71	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	72	byte[] z = new byte[AES_BLOCK_SIZE];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	73	byte[] v = y.clone();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	74	// calculate Z1-Z127 and V1-V127
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	75	for (int i = 0; i < 127; i++) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	76	// Zi+1 = Zi if bit i of x is 0
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	77	if (getBit(x, i)) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	78	for (int n = 0; n < z.length; n++) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	79	z[n] ^= v[n];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	80	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	81	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	82	boolean lastBitOfV = getBit(v, 127);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	83	shift(v);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	84	if (lastBitOfV) v[0] ^= P128;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	85	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	86	// calculate Z128
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	87	if (getBit(x, 127)) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	88	for (int n = 0; n < z.length; n++) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	89	z[n] ^= v[n];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	90	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	91	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	92	return z;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	93	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	94
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	95	// hash subkey H; should not change after the object has been constructed
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	96	private final byte[] subkeyH;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	97
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	98	// buffer for storing hash
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	99	private byte[] state;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	100
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	101	// variables for save/restore calls
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	102	private byte[] stateSave = null;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	103
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	104	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	105	* Initializes the cipher in the specified mode with the given key
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	106	* and iv.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	107	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	108	* @param subkeyH the hash subkey
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	109	*
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	110	* @exception ProviderException if the given key is inappropriate for
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	111	* initializing this digest
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	112	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	113	GHASH(byte[] subkeyH) throws ProviderException {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	114	if ((subkeyH == null) \|\| subkeyH.length != AES_BLOCK_SIZE) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	115	throw new ProviderException("Internal error");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	116	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	117	this.subkeyH = subkeyH;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	118	this.state = new byte[AES_BLOCK_SIZE];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	119	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	120
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	121	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	122	* Resets the GHASH object to its original state, i.e. blank w/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	123	* the same subkey H. Used after digest() is called and to re-use
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	124	* this object for different data w/ the same H.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	125	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	126	void reset() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	127	Arrays.fill(state, (byte) 0);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	128	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	129
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	130	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	131	* Save the current snapshot of this GHASH object.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	132	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	133	void save() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	134	stateSave = state.clone();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	135	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	136
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	137	/**
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	138	* Restores this object using the saved snapshot.
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	139	*/
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	140	void restore() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	141	state = stateSave;
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	142	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	143
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	144	private void processBlock(byte[] data, int ofs) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	145	if (data.length - ofs < AES_BLOCK_SIZE) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	146	throw new RuntimeException("need complete block");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	147	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	148	for (int n = 0; n < state.length; n++) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	149	state[n] ^= data[ofs + n];
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	150	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	151	state = blockMult(state, subkeyH);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	152	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	153
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	154	void update(byte[] in) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	155	update(in, 0, in.length);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	156	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	157
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	158	void update(byte[] in, int inOfs, int inLen) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	159	if (inLen - inOfs > in.length) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	160	throw new RuntimeException("input length out of bound");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	161	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	162	if (inLen % AES_BLOCK_SIZE != 0) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	163	throw new RuntimeException("input length unsupported");
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	164	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	165
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	166	for (int i = inOfs; i < (inOfs + inLen); i += AES_BLOCK_SIZE) {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	167	processBlock(in, i);
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	168	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	169	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	170
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	171	byte[] digest() {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	172	try {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	173	return state.clone();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	174	} finally {
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	175	reset();
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	176	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	177	}
6a494f8ba5b5 6996769: support AEAD cipher valeriep parents: diff changeset	178	}

author	malenkov
	Tue, 29 Oct 2013 17:01:06 +0400
changeset 21278	ef8a3a2a72f2
parent 15008	6a494f8ba5b5
permissions	-rw-r--r--