Package org.conscrypt
Class OpenSSLAeadCipher
java.lang.Object
javax.crypto.CipherSpi
org.conscrypt.OpenSSLCipher
org.conscrypt.OpenSSLAeadCipher
- Direct Known Subclasses:
OpenSSLAeadCipherAES
,OpenSSLAeadCipherChaCha20
-
Nested Class Summary
Nested classes/interfaces inherited from class org.conscrypt.OpenSSLCipher
OpenSSLCipher.Mode, OpenSSLCipher.Padding
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate byte[]
Additional authenticated data.(package private) byte[]
The byte array containing the bytes written.(package private) int
The number of bytes written.(package private) static final int
The default tag size when one is not specified.private static final boolean
Controls whether no-copy optimizations for direct ByteBuffers are enabled.(package private) long
AEAD cipher reference.private static int
Keeps track of the last used block size.private boolean
When set this instance must be initialized before use again.private byte[]
The previously used nonce (IV) to prevent key + nonce reuse.private byte[]
The previously used key to prevent key + nonce (IV) reuse.(package private) int
The length of the AEAD cipher tag in bytes.Fields inherited from class org.conscrypt.OpenSSLCipher
encodedKey, iv, mode
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription(package private) boolean
Returns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant).private boolean
arraysAreEqual
(byte[] a, byte[] b) Constant-time array comparison.private void
(package private) void
Checks whether the cipher supports this particular cipherpadding
and throwsNoSuchPaddingException
if it doesn't.(package private) void
checkSupportedTagLength
(int tagLenBits) (package private) int
doFinalInternal
(byte[] output, int outputOffset, int maximumLen) API-specific implementation of the final block.(package private) int
doFinalInternal
(ByteBuffer input, ByteBuffer output) protected int
engineDoFinal
(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) protected int
engineDoFinal
(ByteBuffer input, ByteBuffer output) (package private) void
engineInitInternal
(byte[] encodedKey, AlgorithmParameterSpec params, SecureRandom random) API-specific implementation of initializing the cipher.protected void
engineUpdateAAD
(byte[] input, int inputOffset, int inputLen) protected void
private void
expand
(int i) (package private) abstract long
getEVP_AEAD
(int keyLength) (package private) int
getOutputSizeForFinal
(int inputLen) The size of output ifdoFinal()
is called with thisinputLen
.(package private) int
getOutputSizeForUpdate
(int inputLen) AEAD buffers everything until a final output.private void
reset()
private void
throwAEADBadTagExceptionIfAvailable
(String message, Throwable cause) (package private) int
updateInternal
(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int maximumLen) API-specific implementation of updating the cipher.Methods inherited from class org.conscrypt.OpenSSLCipher
checkSupportedKeySize, checkSupportedMode, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUnwrap, engineUpdate, engineUpdate, engineWrap, getBaseCipherName, getCipherBlockSize, getPadding, getParameterSpec, isEncrypting, supportsVariableSizeIv, supportsVariableSizeKey
Methods inherited from class javax.crypto.CipherSpi
engineUpdate
-
Field Details
-
ENABLE_BYTEBUFFER_OPTIMIZATIONS
private static final boolean ENABLE_BYTEBUFFER_OPTIMIZATIONSControls whether no-copy optimizations for direct ByteBuffers are enabled.- See Also:
-
DEFAULT_TAG_SIZE_BITS
static final int DEFAULT_TAG_SIZE_BITSThe default tag size when one is not specified. Default to full-length tags (128-bits or 16 octets).- See Also:
-
lastGlobalMessageSize
private static int lastGlobalMessageSizeKeeps track of the last used block size. -
previousKey
private byte[] previousKeyThe previously used key to prevent key + nonce (IV) reuse. -
previousIv
private byte[] previousIvThe previously used nonce (IV) to prevent key + nonce reuse. -
mustInitialize
private boolean mustInitializeWhen set this instance must be initialized before use again. This prevents key and IV reuse. -
buf
byte[] bufThe byte array containing the bytes written. -
bufCount
int bufCountThe number of bytes written. -
evpAead
long evpAeadAEAD cipher reference. -
aad
private byte[] aadAdditional authenticated data. -
tagLengthInBytes
int tagLengthInBytesThe length of the AEAD cipher tag in bytes.
-
-
Constructor Details
-
OpenSSLAeadCipher
-
-
Method Details
-
checkInitialization
private void checkInitialization() -
arraysAreEqual
private boolean arraysAreEqual(byte[] a, byte[] b) Constant-time array comparison. Since we are using this to compare keys, we want to ensure there's no opportunity for a timing attack. -
expand
private void expand(int i) -
reset
private void reset() -
engineInitInternal
void engineInitInternal(byte[] encodedKey, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException Description copied from class:OpenSSLCipher
API-specific implementation of initializing the cipher. TheOpenSSLCipher.isEncrypting()
function will tell whether it should be initialized for encryption or decryption. TheencodedKey
will be the bytes of a supported key size.- Specified by:
engineInitInternal
in classOpenSSLCipher
- Throws:
InvalidKeyException
InvalidAlgorithmParameterException
-
checkSupportedTagLength
-
allowsNonceReuse
boolean allowsNonceReuse()Returns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant). Most AEAD ciphers are not, but some are specially constructed so that reusing a key/nonce pair is safe. -
engineDoFinal
protected int engineDoFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException - Overrides:
engineDoFinal
in classCipherSpi
- Throws:
ShortBufferException
IllegalBlockSizeException
BadPaddingException
-
engineDoFinal
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException - Overrides:
engineDoFinal
in classOpenSSLCipher
- Throws:
ShortBufferException
IllegalBlockSizeException
BadPaddingException
-
updateInternal
int updateInternal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int maximumLen) throws ShortBufferException Description copied from class:OpenSSLCipher
API-specific implementation of updating the cipher. ThemaximumLen
will be the maximum length of the output as returned byOpenSSLCipher.getOutputSizeForUpdate(int)
. The return value must be the number of bytes processed and placed intooutput
. On error, an exception must be thrown.- Specified by:
updateInternal
in classOpenSSLCipher
- Throws:
ShortBufferException
-
throwAEADBadTagExceptionIfAvailable
private void throwAEADBadTagExceptionIfAvailable(String message, Throwable cause) throws BadPaddingException - Throws:
BadPaddingException
-
doFinalInternal
int doFinalInternal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException -
doFinalInternal
int doFinalInternal(byte[] output, int outputOffset, int maximumLen) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException Description copied from class:OpenSSLCipher
API-specific implementation of the final block. ThemaximumLen
will be the maximum length of the possible output as returned byOpenSSLCipher.getOutputSizeForFinal(int)
. The return value must be the number of bytes processed and placed intooutput
. On error, an exception must be thrown.- Specified by:
doFinalInternal
in classOpenSSLCipher
- Throws:
ShortBufferException
IllegalBlockSizeException
BadPaddingException
-
checkSupportedPadding
Description copied from class:OpenSSLCipher
Checks whether the cipher supports this particular cipherpadding
and throwsNoSuchPaddingException
if it doesn't.- Specified by:
checkSupportedPadding
in classOpenSSLCipher
- Throws:
NoSuchPaddingException
-
getOutputSizeForUpdate
int getOutputSizeForUpdate(int inputLen) AEAD buffers everything until a final output.- Specified by:
getOutputSizeForUpdate
in classOpenSSLCipher
-
getOutputSizeForFinal
int getOutputSizeForFinal(int inputLen) Description copied from class:OpenSSLCipher
The size of output ifdoFinal()
is called with thisinputLen
. If padding is enabled and the size of the input puts it right at the block size, it will add another block for the padding.- Specified by:
getOutputSizeForFinal
in classOpenSSLCipher
-
engineUpdateAAD
protected void engineUpdateAAD(byte[] input, int inputOffset, int inputLen) - Overrides:
engineUpdateAAD
in classCipherSpi
-
engineUpdateAAD
- Overrides:
engineUpdateAAD
in classCipherSpi
-
getEVP_AEAD
- Throws:
InvalidKeyException
-