Package org.conscrypt

Class OpenSSLAeadCipher

    • Field Detail

      • ENABLE_BYTEBUFFER_OPTIMIZATIONS

        private static final boolean ENABLE_BYTEBUFFER_OPTIMIZATIONS
        Controls whether no-copy optimizations for direct ByteBuffers are enabled.
        See Also:
        Constant Field Values

      • DEFAULT_TAG_SIZE_BITS

        static final int DEFAULT_TAG_SIZE_BITS
        The default tag size when one is not specified. Default to full-length tags (128-bits or 16 octets).
        See Also:
        Constant Field Values

      • lastGlobalMessageSize

        private static int lastGlobalMessageSize
        Keeps track of the last used block size.

      • previousKey

        private byte[] previousKey
        The previously used key to prevent key + nonce (IV) reuse.

      • previousIv

        private byte[] previousIv
        The previously used nonce (IV) to prevent key + nonce reuse.

      • mustInitialize

        private boolean mustInitialize
        When set this instance must be initialized before use again. This prevents key and IV reuse.

      • buf

        byte[] buf
        The byte array containing the bytes written.

      • bufCount

        int bufCount
        The number of bytes written.

      • evpAead

        long evpAead
        AEAD cipher reference.

      • aad

        private byte[] aad
        Additional authenticated data.

      • tagLengthInBytes

        int tagLengthInBytes
        The length of the AEAD cipher tag in bytes.

    • Method Detail

      • checkInitialization

        private void checkInitialization()

      • arraysAreEqual

        private boolean arraysAreEqual​(byte[] a,
                               byte[] b)
        Constant-time array comparison. Since we are using this to compare keys, we want to ensure there's no opportunity for a timing attack.

      • expand

        private void expand​(int i)

      • reset

        private void reset()

      • engineInitInternal

        void engineInitInternal​(byte[] encodedKey,
                        java.security.spec.AlgorithmParameterSpec params,
                        java.security.SecureRandom random)
                 throws java.security.InvalidKeyException,
                        java.security.InvalidAlgorithmParameterException
        Description copied from class: OpenSSLCipher
        API-specific implementation of initializing the cipher. The OpenSSLCipher.isEncrypting() function will tell whether it should be initialized for encryption or decryption. The encodedKey will be the bytes of a supported key size.
        Specified by:
        engineInitInternal in class OpenSSLCipher
        Throws:
        java.security.InvalidKeyException
        java.security.InvalidAlgorithmParameterException

      • checkSupportedTagLength

        void checkSupportedTagLength​(int tagLenBits)
                      throws java.security.InvalidAlgorithmParameterException
        Throws:
        java.security.InvalidAlgorithmParameterException

      • allowsNonceReuse

        boolean allowsNonceReuse()
        Returns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant). Most AEAD ciphers are not, but some are specially constructed so that reusing a key/nonce pair is safe.

      • engineDoFinal

        protected int engineDoFinal​(java.nio.ByteBuffer input,
                            java.nio.ByteBuffer output)
                     throws javax.crypto.ShortBufferException,
                            javax.crypto.IllegalBlockSizeException,
                            javax.crypto.BadPaddingException
        Overrides:
        engineDoFinal in class javax.crypto.CipherSpi
        Throws:
        javax.crypto.ShortBufferException
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • engineDoFinal

        protected int engineDoFinal​(byte[] input,
                            int inputOffset,
                            int inputLen,
                            byte[] output,
                            int outputOffset)
                     throws javax.crypto.ShortBufferException,
                            javax.crypto.IllegalBlockSizeException,
                            javax.crypto.BadPaddingException
        Overrides:
        engineDoFinal in class OpenSSLCipher
        Throws:
        javax.crypto.ShortBufferException
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • updateInternal

        int updateInternal​(byte[] input,
                   int inputOffset,
                   int inputLen,
                   byte[] output,
                   int outputOffset,
                   int maximumLen)
            throws javax.crypto.ShortBufferException
        Description copied from class: OpenSSLCipher
        API-specific implementation of updating the cipher. The maximumLen will be the maximum length of the output as returned by OpenSSLCipher.getOutputSizeForUpdate(int). The return value must be the number of bytes processed and placed into output. On error, an exception must be thrown.
        Specified by:
        updateInternal in class OpenSSLCipher
        Throws:
        javax.crypto.ShortBufferException

      • throwAEADBadTagExceptionIfAvailable

        private void throwAEADBadTagExceptionIfAvailable​(java.lang.String message,
                                                 java.lang.Throwable cause)
                                          throws javax.crypto.BadPaddingException
        Throws:
        javax.crypto.BadPaddingException

      • doFinalInternal

        int doFinalInternal​(java.nio.ByteBuffer input,
                    java.nio.ByteBuffer output)
             throws javax.crypto.ShortBufferException,
                    javax.crypto.IllegalBlockSizeException,
                    javax.crypto.BadPaddingException
        Throws:
        javax.crypto.ShortBufferException
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • doFinalInternal

        int doFinalInternal​(byte[] output,
                    int outputOffset,
                    int maximumLen)
             throws javax.crypto.ShortBufferException,
                    javax.crypto.IllegalBlockSizeException,
                    javax.crypto.BadPaddingException
        Description copied from class: OpenSSLCipher
        API-specific implementation of the final block. The maximumLen will be the maximum length of the possible output as returned by OpenSSLCipher.getOutputSizeForFinal(int). The return value must be the number of bytes processed and placed into output. On error, an exception must be thrown.
        Specified by:
        doFinalInternal in class OpenSSLCipher
        Throws:
        javax.crypto.ShortBufferException
        javax.crypto.IllegalBlockSizeException
        javax.crypto.BadPaddingException

      • checkSupportedPadding

        void checkSupportedPadding​(OpenSSLCipher.Padding padding)
                    throws javax.crypto.NoSuchPaddingException
        Description copied from class: OpenSSLCipher
        Checks whether the cipher supports this particular cipher padding and throws NoSuchPaddingException if it doesn't.
        Specified by:
        checkSupportedPadding in class OpenSSLCipher
        Throws:
        javax.crypto.NoSuchPaddingException

      • getOutputSizeForUpdate

        int getOutputSizeForUpdate​(int inputLen)
        AEAD buffers everything until a final output.
        Specified by:
        getOutputSizeForUpdate in class OpenSSLCipher

      • getOutputSizeForFinal

        int getOutputSizeForFinal​(int inputLen)
        Description copied from class: OpenSSLCipher
        The size of output if doFinal() is called with this inputLen. If padding is enabled and the size of the input puts it right at the block size, it will add another block for the padding.
        Specified by:
        getOutputSizeForFinal in class OpenSSLCipher

      • engineUpdateAAD

        protected void engineUpdateAAD​(byte[] input,
                               int inputOffset,
                               int inputLen)
        Overrides:
        engineUpdateAAD in class javax.crypto.CipherSpi

      • engineUpdateAAD

        protected void engineUpdateAAD​(java.nio.ByteBuffer buf)
        Overrides:
        engineUpdateAAD in class javax.crypto.CipherSpi

      • getEVP_AEAD

        abstract long getEVP_AEAD​(int keyLength)
                   throws java.security.InvalidKeyException
        Throws:
        java.security.InvalidKeyException