equal
deleted
inserted
replaced
562 } |
562 } |
563 |
563 |
564 abstract static class SSLReadCipher { |
564 abstract static class SSLReadCipher { |
565 final Authenticator authenticator; |
565 final Authenticator authenticator; |
566 final ProtocolVersion protocolVersion; |
566 final ProtocolVersion protocolVersion; |
|
567 boolean keyLimitEnabled = false; |
|
568 long keyLimitCountdown = 0; |
567 SecretKey baseSecret; |
569 SecretKey baseSecret; |
568 |
570 |
569 SSLReadCipher(Authenticator authenticator, |
571 SSLReadCipher(Authenticator authenticator, |
570 ProtocolVersion protocolVersion) { |
572 ProtocolVersion protocolVersion) { |
571 this.authenticator = authenticator; |
573 this.authenticator = authenticator; |
603 |
605 |
604 abstract int estimateFragmentSize(int packetSize, int headerSize); |
606 abstract int estimateFragmentSize(int packetSize, int headerSize); |
605 |
607 |
606 boolean isNullCipher() { |
608 boolean isNullCipher() { |
607 return false; |
609 return false; |
|
610 } |
|
611 |
|
612 /** |
|
613 * Check if processed bytes have reached the key usage limit. |
|
614 * If key usage limit is not be monitored, return false. |
|
615 */ |
|
616 public boolean atKeyLimit() { |
|
617 if (keyLimitCountdown >= 0) { |
|
618 return false; |
|
619 } |
|
620 |
|
621 // Turn off limit checking as KeyUpdate will be occurring |
|
622 keyLimitEnabled = false; |
|
623 return true; |
608 } |
624 } |
609 } |
625 } |
610 |
626 |
611 interface WriteCipherGenerator { |
627 interface WriteCipherGenerator { |
612 SSLWriteCipher createCipher(SSLCipher sslCipher, |
628 SSLWriteCipher createCipher(SSLCipher sslCipher, |
1799 this.tagSize = sslCipher.tagSize; |
1815 this.tagSize = sslCipher.tagSize; |
1800 this.key = key; |
1816 this.key = key; |
1801 this.iv = ((IvParameterSpec)params).getIV(); |
1817 this.iv = ((IvParameterSpec)params).getIV(); |
1802 this.random = random; |
1818 this.random = random; |
1803 |
1819 |
|
1820 keyLimitCountdown = cipherLimits.getOrDefault( |
|
1821 algorithm.toUpperCase() + ":" + tag[0], 0L); |
|
1822 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { |
|
1823 SSLLogger.fine("KeyLimit read side: algorithm = " + |
|
1824 algorithm.toUpperCase() + ":" + tag[0] + |
|
1825 "\ncountdown value = " + keyLimitCountdown); |
|
1826 } |
|
1827 if (keyLimitCountdown > 0) { |
|
1828 keyLimitEnabled = true; |
|
1829 } |
1804 // DON'T initialize the cipher for AEAD! |
1830 // DON'T initialize the cipher for AEAD! |
1805 } |
1831 } |
1806 |
1832 |
1807 @Override |
1833 @Override |
1808 public Plaintext decrypt(byte contentType, ByteBuffer bb, |
1834 public Plaintext decrypt(byte contentType, ByteBuffer bb, |
1886 |
1912 |
1887 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1913 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1888 SSLLogger.fine( |
1914 SSLLogger.fine( |
1889 "Plaintext after DECRYPTION", bb.duplicate()); |
1915 "Plaintext after DECRYPTION", bb.duplicate()); |
1890 } |
1916 } |
|
1917 if (keyLimitEnabled) { |
|
1918 keyLimitCountdown -= len; |
|
1919 } |
1891 |
1920 |
1892 return new Plaintext(contentType, |
1921 return new Plaintext(contentType, |
1893 ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor, |
1922 ProtocolVersion.NONE.major, ProtocolVersion.NONE.minor, |
1894 -1, -1L, bb.slice()); |
1923 -1, -1L, bb.slice()); |
1895 } |
1924 } |
1943 this.random = random; |
1972 this.random = random; |
1944 |
1973 |
1945 keyLimitCountdown = cipherLimits.getOrDefault( |
1974 keyLimitCountdown = cipherLimits.getOrDefault( |
1946 algorithm.toUpperCase() + ":" + tag[0], 0L); |
1975 algorithm.toUpperCase() + ":" + tag[0], 0L); |
1947 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { |
1976 if (SSLLogger.isOn && SSLLogger.isOn("ssl")) { |
1948 SSLLogger.fine("algorithm = " + algorithm.toUpperCase() + |
1977 SSLLogger.fine("KeyLimit write side: algorithm = " |
1949 ":" + tag[0] + "\ncountdown value = " + |
1978 + algorithm.toUpperCase() + ":" + tag[0] + |
1950 keyLimitCountdown); |
1979 "\ncountdown value = " + keyLimitCountdown); |
1951 } |
1980 } |
1952 if (keyLimitCountdown > 0) { |
1981 if (keyLimitCountdown > 0) { |
1953 keyLimitEnabled = true; |
1982 keyLimitEnabled = true; |
1954 } |
1983 } |
1955 |
1984 |