Package org.conscrypt
Class OpenSSLAeadCipher
- java.lang.Object
-
- javax.crypto.CipherSpi
-
- org.conscrypt.OpenSSLCipher
-
- org.conscrypt.OpenSSLAeadCipher
-
- Direct Known Subclasses:
OpenSSLAeadCipherAES
,OpenSSLAeadCipherChaCha20
@Internal public abstract class OpenSSLAeadCipher extends OpenSSLCipher
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.conscrypt.OpenSSLCipher
OpenSSLCipher.Mode, OpenSSLCipher.Padding
-
-
Field Summary
Fields Modifier and Type Field Description private byte[]
aad
Additional authenticated data.(package private) byte[]
buf
The byte array containing the bytes written.(package private) int
bufCount
The number of bytes written.(package private) static int
DEFAULT_TAG_SIZE_BITS
The default tag size when one is not specified.private static boolean
ENABLE_BYTEBUFFER_OPTIMIZATIONS
Controls whether no-copy optimizations for direct ByteBuffers are enabled.(package private) long
evpAead
AEAD cipher reference.private static int
lastGlobalMessageSize
Keeps track of the last used block size.private boolean
mustInitialize
When set this instance must be initialized before use again.private byte[]
previousIv
The previously used nonce (IV) to prevent key + nonce reuse.private byte[]
previousKey
The previously used key to prevent key + nonce (IV) reuse.(package private) int
tagLengthInBytes
The length of the AEAD cipher tag in bytes.-
Fields inherited from class org.conscrypt.OpenSSLCipher
encodedKey, iv, mode
-
-
Constructor Summary
Constructors Constructor Description OpenSSLAeadCipher(OpenSSLCipher.Mode mode)
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description (package private) boolean
allowsNonceReuse()
Returns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant).private boolean
arraysAreEqual(byte[] a, byte[] b)
Constant-time array comparison.private void
checkInitialization()
(package private) void
checkSupportedPadding(OpenSSLCipher.Padding padding)
Checks whether the cipher supports this particular cipherpadding
and throwsNoSuchPaddingException
if it doesn't.(package private) void
checkSupportedTagLength(int tagLenBits)
(package private) int
doFinalInternal(byte[] output, int outputOffset, int maximumLen)
API-specific implementation of the final block.(package private) int
doFinalInternal(java.nio.ByteBuffer input, java.nio.ByteBuffer output)
protected int
engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)
protected int
engineDoFinal(java.nio.ByteBuffer input, java.nio.ByteBuffer output)
(package private) void
engineInitInternal(byte[] encodedKey, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random)
API-specific implementation of initializing the cipher.protected void
engineUpdateAAD(byte[] input, int inputOffset, int inputLen)
protected void
engineUpdateAAD(java.nio.ByteBuffer buf)
private void
expand(int i)
(package private) abstract long
getEVP_AEAD(int keyLength)
(package private) int
getOutputSizeForFinal(int inputLen)
The size of output ifdoFinal()
is called with thisinputLen
.(package private) int
getOutputSizeForUpdate(int inputLen)
AEAD buffers everything until a final output.private void
reset()
private void
throwAEADBadTagExceptionIfAvailable(java.lang.String message, java.lang.Throwable cause)
(package private) int
updateInternal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int maximumLen)
API-specific implementation of updating the cipher.-
Methods inherited from class org.conscrypt.OpenSSLCipher
checkSupportedKeySize, checkSupportedMode, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUnwrap, engineUpdate, engineUpdate, engineWrap, getBaseCipherName, getCipherBlockSize, getPadding, getParameterSpec, isEncrypting, supportsVariableSizeIv, supportsVariableSizeKey
-
-
-
-
Field Detail
-
ENABLE_BYTEBUFFER_OPTIMIZATIONS
private static final boolean ENABLE_BYTEBUFFER_OPTIMIZATIONS
Controls whether no-copy optimizations for direct ByteBuffers are enabled.- See Also:
- Constant Field Values
-
DEFAULT_TAG_SIZE_BITS
static final int DEFAULT_TAG_SIZE_BITS
The default tag size when one is not specified. Default to full-length tags (128-bits or 16 octets).- See Also:
- Constant Field Values
-
lastGlobalMessageSize
private static int lastGlobalMessageSize
Keeps track of the last used block size.
-
previousKey
private byte[] previousKey
The previously used key to prevent key + nonce (IV) reuse.
-
previousIv
private byte[] previousIv
The previously used nonce (IV) to prevent key + nonce reuse.
-
mustInitialize
private boolean mustInitialize
When set this instance must be initialized before use again. This prevents key and IV reuse.
-
buf
byte[] buf
The byte array containing the bytes written.
-
bufCount
int bufCount
The number of bytes written.
-
evpAead
long evpAead
AEAD cipher reference.
-
aad
private byte[] aad
Additional authenticated data.
-
tagLengthInBytes
int tagLengthInBytes
The length of the AEAD cipher tag in bytes.
-
-
Constructor Detail
-
OpenSSLAeadCipher
public OpenSSLAeadCipher(OpenSSLCipher.Mode mode)
-
-
Method Detail
-
checkInitialization
private void checkInitialization()
-
arraysAreEqual
private boolean arraysAreEqual(byte[] a, byte[] b)
Constant-time array comparison. Since we are using this to compare keys, we want to ensure there's no opportunity for a timing attack.
-
expand
private void expand(int i)
-
reset
private void reset()
-
engineInitInternal
void engineInitInternal(byte[] encodedKey, java.security.spec.AlgorithmParameterSpec params, java.security.SecureRandom random) throws java.security.InvalidKeyException, java.security.InvalidAlgorithmParameterException
Description copied from class:OpenSSLCipher
API-specific implementation of initializing the cipher. TheOpenSSLCipher.isEncrypting()
function will tell whether it should be initialized for encryption or decryption. TheencodedKey
will be the bytes of a supported key size.- Specified by:
engineInitInternal
in classOpenSSLCipher
- Throws:
java.security.InvalidKeyException
java.security.InvalidAlgorithmParameterException
-
checkSupportedTagLength
void checkSupportedTagLength(int tagLenBits) throws java.security.InvalidAlgorithmParameterException
- Throws:
java.security.InvalidAlgorithmParameterException
-
allowsNonceReuse
boolean allowsNonceReuse()
Returns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant). Most AEAD ciphers are not, but some are specially constructed so that reusing a key/nonce pair is safe.
-
engineDoFinal
protected int engineDoFinal(java.nio.ByteBuffer input, java.nio.ByteBuffer output) throws javax.crypto.ShortBufferException, javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException
- Overrides:
engineDoFinal
in classjavax.crypto.CipherSpi
- Throws:
javax.crypto.ShortBufferException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException
-
engineDoFinal
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws javax.crypto.ShortBufferException, javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException
- Overrides:
engineDoFinal
in classOpenSSLCipher
- Throws:
javax.crypto.ShortBufferException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException
-
updateInternal
int updateInternal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int maximumLen) throws javax.crypto.ShortBufferException
Description copied from class:OpenSSLCipher
API-specific implementation of updating the cipher. ThemaximumLen
will be the maximum length of the output as returned byOpenSSLCipher.getOutputSizeForUpdate(int)
. The return value must be the number of bytes processed and placed intooutput
. On error, an exception must be thrown.- Specified by:
updateInternal
in classOpenSSLCipher
- Throws:
javax.crypto.ShortBufferException
-
throwAEADBadTagExceptionIfAvailable
private void throwAEADBadTagExceptionIfAvailable(java.lang.String message, java.lang.Throwable cause) throws javax.crypto.BadPaddingException
- Throws:
javax.crypto.BadPaddingException
-
doFinalInternal
int doFinalInternal(java.nio.ByteBuffer input, java.nio.ByteBuffer output) throws javax.crypto.ShortBufferException, javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException
- Throws:
javax.crypto.ShortBufferException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException
-
doFinalInternal
int doFinalInternal(byte[] output, int outputOffset, int maximumLen) throws javax.crypto.ShortBufferException, javax.crypto.IllegalBlockSizeException, javax.crypto.BadPaddingException
Description copied from class:OpenSSLCipher
API-specific implementation of the final block. ThemaximumLen
will be the maximum length of the possible output as returned byOpenSSLCipher.getOutputSizeForFinal(int)
. The return value must be the number of bytes processed and placed intooutput
. On error, an exception must be thrown.- Specified by:
doFinalInternal
in classOpenSSLCipher
- Throws:
javax.crypto.ShortBufferException
javax.crypto.IllegalBlockSizeException
javax.crypto.BadPaddingException
-
checkSupportedPadding
void checkSupportedPadding(OpenSSLCipher.Padding padding) throws javax.crypto.NoSuchPaddingException
Description copied from class:OpenSSLCipher
Checks whether the cipher supports this particular cipherpadding
and throwsNoSuchPaddingException
if it doesn't.- Specified by:
checkSupportedPadding
in classOpenSSLCipher
- Throws:
javax.crypto.NoSuchPaddingException
-
getOutputSizeForUpdate
int getOutputSizeForUpdate(int inputLen)
AEAD buffers everything until a final output.- Specified by:
getOutputSizeForUpdate
in classOpenSSLCipher
-
getOutputSizeForFinal
int getOutputSizeForFinal(int inputLen)
Description copied from class:OpenSSLCipher
The size of output ifdoFinal()
is called with thisinputLen
. If padding is enabled and the size of the input puts it right at the block size, it will add another block for the padding.- Specified by:
getOutputSizeForFinal
in classOpenSSLCipher
-
engineUpdateAAD
protected void engineUpdateAAD(byte[] input, int inputOffset, int inputLen)
- Overrides:
engineUpdateAAD
in classjavax.crypto.CipherSpi
-
engineUpdateAAD
protected void engineUpdateAAD(java.nio.ByteBuffer buf)
- Overrides:
engineUpdateAAD
in classjavax.crypto.CipherSpi
-
getEVP_AEAD
abstract long getEVP_AEAD(int keyLength) throws java.security.InvalidKeyException
- Throws:
java.security.InvalidKeyException
-
-