equal
deleted
inserted
replaced
466 // |
466 // |
467 // We assume all supported ciphers are always available since they are |
467 // We assume all supported ciphers are always available since they are |
468 // shipped with the SunJCE provider. However, AES/256 is unavailable |
468 // shipped with the SunJCE provider. However, AES/256 is unavailable |
469 // when the default JCE policy jurisdiction files are installed because |
469 // when the default JCE policy jurisdiction files are installed because |
470 // of key length restrictions. |
470 // of key length restrictions. |
471 this.isAvailable = |
471 this.isAvailable = allowed && isUnlimited(keySize, transformation); |
472 allowed ? isUnlimited(keySize, transformation) : false; |
|
473 |
472 |
474 this.readCipherGenerators = readCipherGenerators; |
473 this.readCipherGenerators = readCipherGenerators; |
475 this.writeCipherGenerators = writeCipherGenerators; |
474 this.writeCipherGenerators = writeCipherGenerators; |
476 } |
475 } |
477 |
476 |
521 if (rcg != null) { |
520 if (rcg != null) { |
522 return rcg.createCipher(this, authenticator, |
521 return rcg.createCipher(this, authenticator, |
523 protocolVersion, transformation, key, iv, random); |
522 protocolVersion, transformation, key, iv, random); |
524 } |
523 } |
525 return null; |
524 return null; |
526 } |
|
527 |
|
528 public static final String getDefaultType() { |
|
529 String prop = AccessController.doPrivileged( |
|
530 new PrivilegedAction<String>() { |
|
531 @Override |
|
532 public String run() { |
|
533 return Security.getProperty("jdk.tls.KeyLimits"); |
|
534 } |
|
535 }); |
|
536 return prop; |
|
537 } |
525 } |
538 |
526 |
539 /** |
527 /** |
540 * Test if this bulk cipher is available. For use by CipherSuite. |
528 * Test if this bulk cipher is available. For use by CipherSuite. |
541 */ |
529 */ |
836 throw new RuntimeException( |
824 throw new RuntimeException( |
837 "Unexpected number of plaintext bytes"); |
825 "Unexpected number of plaintext bytes"); |
838 } |
826 } |
839 if (bb.position() != dup.position()) { |
827 if (bb.position() != dup.position()) { |
840 throw new RuntimeException( |
828 throw new RuntimeException( |
841 "Unexpected Bytebuffer position"); |
829 "Unexpected ByteBuffer position"); |
842 } |
830 } |
843 } catch (ShortBufferException sbe) { |
831 } catch (ShortBufferException sbe) { |
844 // catch BouncyCastle buffering error |
832 // catch BouncyCastle buffering error |
845 throw new RuntimeException("Cipher buffering error in " + |
833 throw new RuntimeException("Cipher buffering error in " + |
846 "JCE provider " + cipher.getProvider().getName(), sbe); |
834 "JCE provider " + cipher.getProvider().getName(), sbe); |
929 throw new RuntimeException( |
917 throw new RuntimeException( |
930 "Unexpected number of plaintext bytes"); |
918 "Unexpected number of plaintext bytes"); |
931 } |
919 } |
932 if (bb.position() != dup.position()) { |
920 if (bb.position() != dup.position()) { |
933 throw new RuntimeException( |
921 throw new RuntimeException( |
934 "Unexpected Bytebuffer position"); |
922 "Unexpected ByteBuffer position"); |
935 } |
923 } |
936 } catch (ShortBufferException sbe) { |
924 } catch (ShortBufferException sbe) { |
937 // catch BouncyCastle buffering error |
925 // catch BouncyCastle buffering error |
938 throw new RuntimeException("Cipher buffering error in " + |
926 throw new RuntimeException("Cipher buffering error in " + |
939 "JCE provider " + cipher.getProvider().getName(), sbe); |
927 "JCE provider " + cipher.getProvider().getName(), sbe); |
1022 "Unexpected number of plaintext bytes"); |
1010 "Unexpected number of plaintext bytes"); |
1023 } |
1011 } |
1024 |
1012 |
1025 if (bb.position() != dup.position()) { |
1013 if (bb.position() != dup.position()) { |
1026 throw new RuntimeException( |
1014 throw new RuntimeException( |
1027 "Unexpected Bytebuffer position"); |
1015 "Unexpected ByteBuffer position"); |
1028 } |
1016 } |
1029 } catch (ShortBufferException sbe) { |
1017 } catch (ShortBufferException sbe) { |
1030 // catch BouncyCastle buffering error |
1018 // catch BouncyCastle buffering error |
1031 throw new RuntimeException("Cipher buffering error in " + |
1019 throw new RuntimeException("Cipher buffering error in " + |
1032 "JCE provider " + cipher.getProvider().getName(), sbe); |
1020 "JCE provider " + cipher.getProvider().getName(), sbe); |
1178 "Unexpected number of plaintext bytes"); |
1166 "Unexpected number of plaintext bytes"); |
1179 } |
1167 } |
1180 |
1168 |
1181 if (bb.position() != dup.position()) { |
1169 if (bb.position() != dup.position()) { |
1182 throw new RuntimeException( |
1170 throw new RuntimeException( |
1183 "Unexpected Bytebuffer position"); |
1171 "Unexpected ByteBuffer position"); |
1184 } |
1172 } |
1185 } catch (ShortBufferException sbe) { |
1173 } catch (ShortBufferException sbe) { |
1186 // catch BouncyCastle buffering error |
1174 // catch BouncyCastle buffering error |
1187 throw new RuntimeException("Cipher buffering error in " + |
1175 throw new RuntimeException("Cipher buffering error in " + |
1188 "JCE provider " + cipher.getProvider().getName(), sbe); |
1176 "JCE provider " + cipher.getProvider().getName(), sbe); |
1294 "Unexpected number of plaintext bytes"); |
1282 "Unexpected number of plaintext bytes"); |
1295 } |
1283 } |
1296 |
1284 |
1297 if (bb.position() != dup.position()) { |
1285 if (bb.position() != dup.position()) { |
1298 throw new RuntimeException( |
1286 throw new RuntimeException( |
1299 "Unexpected Bytebuffer position"); |
1287 "Unexpected ByteBuffer position"); |
1300 } |
1288 } |
1301 } catch (ShortBufferException sbe) { |
1289 } catch (ShortBufferException sbe) { |
1302 // catch BouncyCastle buffering error |
1290 // catch BouncyCastle buffering error |
1303 throw new RuntimeException("Cipher buffering error in " + |
1291 throw new RuntimeException("Cipher buffering error in " + |
1304 "JCE provider " + cipher.getProvider().getName(), sbe); |
1292 "JCE provider " + cipher.getProvider().getName(), sbe); |
1472 "Unexpected number of plaintext bytes"); |
1460 "Unexpected number of plaintext bytes"); |
1473 } |
1461 } |
1474 |
1462 |
1475 if (bb.position() != dup.position()) { |
1463 if (bb.position() != dup.position()) { |
1476 throw new RuntimeException( |
1464 throw new RuntimeException( |
1477 "Unexpected Bytebuffer position"); |
1465 "Unexpected ByteBuffer position"); |
1478 } |
1466 } |
1479 } catch (ShortBufferException sbe) { |
1467 } catch (ShortBufferException sbe) { |
1480 // catch BouncyCastle buffering error |
1468 // catch BouncyCastle buffering error |
1481 throw new RuntimeException("Cipher buffering error in " + |
1469 throw new RuntimeException("Cipher buffering error in " + |
1482 "JCE provider " + cipher.getProvider().getName(), sbe); |
1470 "JCE provider " + cipher.getProvider().getName(), sbe); |
1600 sequence); |
1588 sequence); |
1601 cipher.updateAAD(aad); |
1589 cipher.updateAAD(aad); |
1602 |
1590 |
1603 // DON'T decrypt the nonce_explicit for AEAD mode. The buffer |
1591 // DON'T decrypt the nonce_explicit for AEAD mode. The buffer |
1604 // position has moved out of the nonce_explicit range. |
1592 // position has moved out of the nonce_explicit range. |
1605 int len = bb.remaining(); |
1593 int len, pos = bb.position(); |
1606 int pos = bb.position(); |
|
1607 ByteBuffer dup = bb.duplicate(); |
1594 ByteBuffer dup = bb.duplicate(); |
1608 try { |
1595 try { |
1609 len = cipher.doFinal(dup, bb); |
1596 len = cipher.doFinal(dup, bb); |
1610 } catch (IllegalBlockSizeException ibse) { |
1597 } catch (IllegalBlockSizeException ibse) { |
1611 // unlikely to happen |
1598 // unlikely to happen |
1615 } catch (ShortBufferException sbe) { |
1602 } catch (ShortBufferException sbe) { |
1616 // catch BouncyCastle buffering error |
1603 // catch BouncyCastle buffering error |
1617 throw new RuntimeException("Cipher buffering error in " + |
1604 throw new RuntimeException("Cipher buffering error in " + |
1618 "JCE provider " + cipher.getProvider().getName(), sbe); |
1605 "JCE provider " + cipher.getProvider().getName(), sbe); |
1619 } |
1606 } |
1620 // reset the limit to the end of the decryted data |
1607 // reset the limit to the end of the decrypted data |
1621 bb.position(pos); |
1608 bb.position(pos); |
1622 bb.limit(pos + len); |
1609 bb.limit(pos + len); |
1623 |
1610 |
1624 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1611 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1625 SSLLogger.fine( |
1612 SSLLogger.fine( |
1716 // DON'T WORRY, the nonce spaces are considered already. |
1703 // DON'T WORRY, the nonce spaces are considered already. |
1717 bb.position(bb.position() - nonce.length); |
1704 bb.position(bb.position() - nonce.length); |
1718 bb.put(nonce); |
1705 bb.put(nonce); |
1719 |
1706 |
1720 // DON'T encrypt the nonce for AEAD mode. |
1707 // DON'T encrypt the nonce for AEAD mode. |
1721 int len = bb.remaining(); |
1708 int len, pos = bb.position(); |
1722 int pos = bb.position(); |
|
1723 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1709 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1724 SSLLogger.fine( |
1710 SSLLogger.fine( |
1725 "Plaintext before ENCRYPTION", |
1711 "Plaintext before ENCRYPTION", |
1726 bb.duplicate()); |
1712 bb.duplicate()); |
1727 } |
1713 } |
1866 // implicit sequence number of the authenticator. |
1852 // implicit sequence number of the authenticator. |
1867 byte[] aad = authenticator.acquireAuthenticationBytes( |
1853 byte[] aad = authenticator.acquireAuthenticationBytes( |
1868 contentType, bb.remaining(), sn); |
1854 contentType, bb.remaining(), sn); |
1869 cipher.updateAAD(aad); |
1855 cipher.updateAAD(aad); |
1870 |
1856 |
1871 int len = bb.remaining(); |
1857 int len, pos = bb.position(); |
1872 int pos = bb.position(); |
|
1873 ByteBuffer dup = bb.duplicate(); |
1858 ByteBuffer dup = bb.duplicate(); |
1874 try { |
1859 try { |
1875 len = cipher.doFinal(dup, bb); |
1860 len = cipher.doFinal(dup, bb); |
1876 } catch (IllegalBlockSizeException ibse) { |
1861 } catch (IllegalBlockSizeException ibse) { |
1877 // unlikely to happen |
1862 // unlikely to happen |
1881 } catch (ShortBufferException sbe) { |
1866 } catch (ShortBufferException sbe) { |
1882 // catch BouncyCastle buffering error |
1867 // catch BouncyCastle buffering error |
1883 throw new RuntimeException("Cipher buffering error in " + |
1868 throw new RuntimeException("Cipher buffering error in " + |
1884 "JCE provider " + cipher.getProvider().getName(), sbe); |
1869 "JCE provider " + cipher.getProvider().getName(), sbe); |
1885 } |
1870 } |
1886 // reset the limit to the end of the decryted data |
1871 // reset the limit to the end of the decrypted data |
1887 bb.position(pos); |
1872 bb.position(pos); |
1888 bb.limit(pos + len); |
1873 bb.limit(pos + len); |
1889 |
1874 |
1890 // remove inner plaintext padding |
1875 // remove inner plaintext padding |
1891 int i = bb.limit() - 1; |
1876 int i = bb.limit() - 1; |
1998 int outputSize = cipher.getOutputSize(bb.remaining()); |
1983 int outputSize = cipher.getOutputSize(bb.remaining()); |
1999 byte[] aad = authenticator.acquireAuthenticationBytes( |
1984 byte[] aad = authenticator.acquireAuthenticationBytes( |
2000 contentType, outputSize, sn); |
1985 contentType, outputSize, sn); |
2001 cipher.updateAAD(aad); |
1986 cipher.updateAAD(aad); |
2002 |
1987 |
2003 int len = bb.remaining(); |
1988 int len, pos = bb.position(); |
2004 int pos = bb.position(); |
|
2005 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
1989 if (SSLLogger.isOn && SSLLogger.isOn("plaintext")) { |
2006 SSLLogger.fine( |
1990 SSLLogger.fine( |
2007 "Plaintext before ENCRYPTION", |
1991 "Plaintext before ENCRYPTION", |
2008 bb.duplicate()); |
1992 bb.duplicate()); |
2009 } |
1993 } |
2203 // the purpose of a constant-time check. |
2187 // the purpose of a constant-time check. |
2204 int[] results = {0, 0}; // {missed #, matched #} |
2188 int[] results = {0, 0}; // {missed #, matched #} |
2205 |
2189 |
2206 // The caller ensures there are enough bytes available in the buffer. |
2190 // The caller ensures there are enough bytes available in the buffer. |
2207 // So we won't need to check the remaining of the buffer. |
2191 // So we won't need to check the remaining of the buffer. |
2208 for (int i = 0; i < tag.length; i++) { |
2192 for (byte t : tag) { |
2209 if (bb.get() != tag[i]) { |
2193 if (bb.get() != t) { |
2210 results[0]++; // mismatched bytes |
2194 results[0]++; // mismatched bytes |
2211 } else { |
2195 } else { |
2212 results[1]++; // matched bytes |
2196 results[1]++; // matched bytes |
2213 } |
2197 } |
2214 } |
2198 } |