jdk-sandbox: comparison jdk/src/java.base/share/classes/sun/security/ssl/MAC.java

equal deleted inserted replaced

-:0c7d705209c6
+:ec0224270f90
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 package sun.security.ssl;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 * @author David Brownell
 * @author Andreas Sterbenz
 */
 final class MAC extends Authenticator {
-final static MAC NULL = new MAC();
+final static MAC TLS_NULL = new MAC(false);
 // Value of the null MAC is fixed
 private static final byte nullMAC[] = new byte[0];
 // internal identifier for the MAC algorithm
-private final MacAlg        macAlg;
+private final MacAlg macAlg;
 // JCE Mac object
 private final Mac mac;
-private MAC() {
+MAC(boolean isDTLS) {
+super(isDTLS);
 macAlg = M_NULL;
 mac = null;
 }
 /**
-* Set up, configured for the given SSL/TLS MAC type and version.
+* Set up, configured for the given MAC type and version.
 */
 MAC(MacAlg macAlg, ProtocolVersion protocolVersion, SecretKey key)
 throws NoSuchAlgorithmException, InvalidKeyException {
 super(protocolVersion);
 this.macAlg = macAlg;
 String algorithm;
-boolean tls = (protocolVersion.v >= ProtocolVersion.TLS10.v);
+// using SSL MAC computation?
+boolean useSSLMac = (protocolVersion.v < ProtocolVersion.TLS10.v);
 if (macAlg == M_MD5) {
-algorithm = tls ? "HmacMD5" : "SslMacMD5";
+algorithm = useSSLMac ? "SslMacMD5" : "HmacMD5";
 } else if (macAlg == M_SHA) {
-algorithm = tls ? "HmacSHA1" : "SslMacSHA1";
+algorithm = useSSLMac ? "SslMacSHA1" : "HmacSHA1";
 } else if (macAlg == M_SHA256) {
 algorithm = "HmacSHA256";    // TLS 1.2+
 } else if (macAlg == M_SHA384) {
 algorithm = "HmacSHA384";    // TLS 1.2+
 } else {
 * @param type record type
 * @param buf compressed record on which the MAC is computed
 * @param offset start of compressed record data
 * @param len the size of the compressed record
 * @param isSimulated if true, simulate the MAC computation
+*
+* @return the MAC result
 */
 final byte[] compute(byte type, byte buf[],
 int offset, int len, boolean isSimulated) {
 if (macAlg.size == 0) {
 return nullMAC;
 }
 if (!isSimulated) {
-byte[] additional = acquireAuthenticationBytes(type, len);
+// Uses the implicit sequence number for the computation.
+byte[] additional = acquireAuthenticationBytes(type, len, null);
 mac.update(additional);
 }
 mac.update(buf, offset, len);
 return mac.doFinal();
 *
 * @param type record type
 * @param bb a ByteBuffer in which the position and limit
 *          demarcate the data to be MAC'd.
 * @param isSimulated if true, simulate the MAC computation
+* @param sequence the explicit sequence number, or null if using
+*        the implicit sequence number for the computation
+*
+* @return the MAC result
 */
-final byte[] compute(byte type, ByteBuffer bb, boolean isSimulated) {
+final byte[] compute(byte type, ByteBuffer bb,
+byte[] sequence, boolean isSimulated) {
 if (macAlg.size == 0) {
 return nullMAC;
 }
 if (!isSimulated) {
+// Uses the explicit sequence number for the computation.
 byte[] additional =
-acquireAuthenticationBytes(type, bb.remaining());
+acquireAuthenticationBytes(type, bb.remaining(), sequence);
 mac.update(additional);
 }
 mac.update(bb);
 return mac.doFinal();
 }
+/**
+* Compute and returns the MAC for the remaining data
+* in this ByteBuffer.
+*
+* On return, the bb position == limit, and limit will
+* have not changed.
+*
+* @param type record type
+* @param bb a ByteBuffer in which the position and limit
+*        demarcate the data to be MAC'd.
+* @param isSimulated if true, simulate the the MAC computation
+*
+* @return the MAC result
+*/
+final byte[] compute(byte type, ByteBuffer bb, boolean isSimulated) {
+// Uses the implicit sequence number for the computation.
+return compute(type, bb, null, isSimulated);
+}
 }

changeset 30904	ec0224270f90
parent 29488	1f25b971e59a
child 31538	0981099a3e54