1 /* |
1 /* |
2 * Copyright (c) 2003, 2013 Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
316 return padded; |
316 return padded; |
317 } |
317 } |
318 |
318 |
319 /** |
319 /** |
320 * PKCS#1 v1.5 unpadding (blocktype 1 and 2). |
320 * PKCS#1 v1.5 unpadding (blocktype 1 and 2). |
|
321 * |
|
322 * Note that we want to make it a constant-time operation |
321 */ |
323 */ |
322 private byte[] unpadV15(byte[] padded) throws BadPaddingException { |
324 private byte[] unpadV15(byte[] padded) throws BadPaddingException { |
323 int k = 0; |
325 int k = 0; |
|
326 BadPaddingException bpe = null; |
|
327 |
324 if (padded[k++] != 0) { |
328 if (padded[k++] != 0) { |
325 throw new BadPaddingException("Data must start with zero"); |
329 bpe = new BadPaddingException("Data must start with zero"); |
326 } |
330 } |
327 if (padded[k++] != type) { |
331 if (padded[k++] != type && bpe == null) { |
328 throw new BadPaddingException("Blocktype mismatch: " + padded[1]); |
332 bpe = new BadPaddingException("Blocktype mismatch: " + padded[1]); |
329 } |
333 } |
330 while (true) { |
334 int p = 0; |
|
335 while (k < padded.length) { |
331 int b = padded[k++] & 0xff; |
336 int b = padded[k++] & 0xff; |
332 if (b == 0) { |
337 if (b == 0 && p == 0) { |
333 break; |
338 p = k; |
334 } |
339 } |
335 if (k == padded.length) { |
340 if (k == padded.length && p == 0 && bpe == null) { |
336 throw new BadPaddingException("Padding string not terminated"); |
341 bpe = new BadPaddingException("Padding string not terminated"); |
337 } |
342 } |
338 if ((type == PAD_BLOCKTYPE_1) && (b != 0xff)) { |
343 if ((type == PAD_BLOCKTYPE_1) && (b != 0xff) && |
339 throw new BadPaddingException("Padding byte not 0xff: " + b); |
344 p == 0 && bpe == null) { |
340 } |
345 bpe = new BadPaddingException("Padding byte not 0xff: " + b); |
341 } |
346 } |
342 int n = padded.length - k; |
347 } |
343 if (n > maxDataSize) { |
348 int n = padded.length - p; |
344 throw new BadPaddingException("Padding string too short"); |
349 if (n > maxDataSize && bpe == null) { |
345 } |
350 bpe = new BadPaddingException("Padding string too short"); |
|
351 } |
|
352 |
|
353 // copy useless padding array for a constant-time method |
|
354 // |
|
355 // Is it necessary? |
|
356 byte[] padding = new byte[p]; |
|
357 System.arraycopy(padded, 0, padding, 0, p); |
|
358 |
346 byte[] data = new byte[n]; |
359 byte[] data = new byte[n]; |
347 System.arraycopy(padded, padded.length - n, data, 0, n); |
360 System.arraycopy(padded, p, data, 0, n); |
|
361 |
|
362 if (bpe == null) { |
|
363 bpe = new BadPaddingException("Unused exception"); |
|
364 } else { |
|
365 throw bpe; |
|
366 } |
|
367 |
348 return data; |
368 return data; |
349 } |
369 } |
350 |
370 |
351 /** |
371 /** |
352 * PKCS#1 v2.0 OAEP padding (MGF1). |
372 * PKCS#1 v2.0 OAEP padding (MGF1). |