Skip to content
Permalink
Browse files
8255557: Decouple GCM from CipherCore
Reviewed-by: valeriep
  • Loading branch information
Anthony Scarpino committed Jun 7, 2021
1 parent e546ae2 commit c7c77fd32b1b1bc736ef3523456a2968447fc627
Showing 15 changed files with 2,016 additions and 1,474 deletions.
@@ -138,21 +138,6 @@ public AES256_CFB_NoPadding() {
super(32, "CFB", "NOPADDING");
}
}
public static final class AES128_GCM_NoPadding extends OidImpl {
public AES128_GCM_NoPadding() {
super(16, "GCM", "NOPADDING");
}
}
public static final class AES192_GCM_NoPadding extends OidImpl {
public AES192_GCM_NoPadding() {
super(24, "GCM", "NOPADDING");
}
}
public static final class AES256_GCM_NoPadding extends OidImpl {
public AES256_GCM_NoPadding() {
super(32, "GCM", "NOPADDING");
}
}

// utility method used by AESCipher and AESWrapCipher
static final void checkKeySize(Key key, int fixedKeySize)
@@ -185,10 +170,6 @@ static final void checkKeySize(Key key, int fixedKeySize)
*/
private final int fixedKeySize; // in bytes, -1 if no restriction

/*
* needed to enforce ISE thrown when updateAAD is called after update for GCM mode.
*/
private boolean updateCalled;

/**
* Creates an instance of AES cipher with default ECB mode and
@@ -322,7 +303,6 @@ protected AlgorithmParameters engineGetParameters() {
protected void engineInit(int opmode, Key key, SecureRandom random)
throws InvalidKeyException {
checkKeySize(key, fixedKeySize);
updateCalled = false;
core.init(opmode, key, random);
}

@@ -355,7 +335,6 @@ protected void engineInit(int opmode, Key key,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
checkKeySize(key, fixedKeySize);
updateCalled = false;
core.init(opmode, key, params, random);
}

@@ -364,7 +343,6 @@ protected void engineInit(int opmode, Key key,
SecureRandom random)
throws InvalidKeyException, InvalidAlgorithmParameterException {
checkKeySize(key, fixedKeySize);
updateCalled = false;
core.init(opmode, key, params, random);
}

@@ -389,7 +367,6 @@ protected void engineInit(int opmode, Key key,
*/
protected byte[] engineUpdate(byte[] input, int inputOffset,
int inputLen) {
updateCalled = true;
return core.update(input, inputOffset, inputLen);
}

@@ -419,7 +396,6 @@ protected byte[] engineUpdate(byte[] input, int inputOffset,
protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
byte[] output, int outputOffset)
throws ShortBufferException {
updateCalled = true;
return core.update(input, inputOffset, inputLen, output,
outputOffset);
}
@@ -458,7 +434,6 @@ protected int engineUpdate(byte[] input, int inputOffset, int inputLen,
protected byte[] engineDoFinal(byte[] input, int inputOffset, int inputLen)
throws IllegalBlockSizeException, BadPaddingException {
byte[] out = core.doFinal(input, inputOffset, inputLen);
updateCalled = false;
return out;
}

@@ -504,7 +479,6 @@ protected int engineDoFinal(byte[] input, int inputOffset, int inputLen,
BadPaddingException {
int outLen = core.doFinal(input, inputOffset, inputLen, output,
outputOffset);
updateCalled = false;
return outLen;
}

@@ -577,86 +551,6 @@ protected Key engineUnwrap(byte[] wrappedKey,
wrappedKeyType);
}

/**
* Continues a multi-part update of the Additional Authentication
* Data (AAD), using a subset of the provided buffer.
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
* operations on the ciphertext (via the {@code update} and {@code
* doFinal} methods).
*
* @param src the buffer containing the AAD
* @param offset the offset in {@code src} where the AAD input starts
* @param len the number of AAD bytes
*
* @throws IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized), does not accept AAD, or if
* operating in either GCM or CCM mode and one of the {@code update}
* methods has already been called for the active
* encryption/decryption operation
* @throws UnsupportedOperationException if this method
* has not been overridden by an implementation
*
* @since 1.8
*/
@Override
protected void engineUpdateAAD(byte[] src, int offset, int len) {
if (core.getMode() == CipherCore.GCM_MODE && updateCalled) {
throw new IllegalStateException("AAD must be supplied before encryption/decryption starts");
}
core.updateAAD(src, offset, len);
}

/**
* Continues a multi-part update of the Additional Authentication
* Data (AAD).
* <p>
* Calls to this method provide AAD to the cipher when operating in
* modes such as AEAD (GCM/CCM). If this cipher is operating in
* either GCM or CCM mode, all AAD must be supplied before beginning
* operations on the ciphertext (via the {@code update} and {@code
* doFinal} methods).
* <p>
* All {@code src.remaining()} bytes starting at
* {@code src.position()} are processed.
* Upon return, the input buffer's position will be equal
* to its limit; its limit will not have changed.
*
* @param src the buffer containing the AAD
*
* @throws IllegalStateException if this cipher is in a wrong state
* (e.g., has not been initialized), does not accept AAD, or if
* operating in either GCM or CCM mode and one of the {@code update}
* methods has already been called for the active
* encryption/decryption operation
* @throws UnsupportedOperationException if this method
* has not been overridden by an implementation
*
* @since 1.8
*/
@Override
protected void engineUpdateAAD(ByteBuffer src) {
if (core.getMode() == CipherCore.GCM_MODE && updateCalled) {
throw new IllegalStateException("AAD must be supplied before encryption/decryption starts");
}
if (src != null) {
int aadLen = src.limit() - src.position();
if (aadLen > 0) {
if (src.hasArray()) {
int aadOfs = Math.addExact(src.arrayOffset(), src.position());
core.updateAAD(src.array(), aadOfs, aadLen);
src.position(src.limit());
} else {
byte[] aad = new byte[aadLen];
src.get(aad);
core.updateAAD(aad, 0, aadLen);
}
}
}
}

/**
* Finalize crypto operation with ByteBuffers
*
@@ -672,10 +566,6 @@ protected void engineUpdateAAD(ByteBuffer src) {
protected int engineDoFinal(ByteBuffer input, ByteBuffer output)
throws ShortBufferException, IllegalBlockSizeException,
BadPaddingException {
if (core.getMode() == CipherCore.GCM_MODE && !input.hasArray()) {
return core.gcmDoFinal(input, output);
} else {
return super.engineDoFinal(input, output);
}
return super.engineDoFinal(input, output);
}
}

0 comments on commit c7c77fd

Please sign in to comment.