Package org.conscrypt
Class OpenSSLAeadCipher
java.lang.Object
javax.crypto.CipherSpi
org.conscrypt.OpenSSLCipher
org.conscrypt.OpenSSLAeadCipher
- Direct Known Subclasses:
OpenSSLAeadCipherAES,OpenSSLAeadCipherChaCha20
-
Nested Class Summary
Nested classes/interfaces inherited from class org.conscrypt.OpenSSLCipher
OpenSSLCipher.Mode, OpenSSLCipher.Padding -
Field Summary
FieldsModifier and TypeFieldDescriptionprivate byte[]Additional authenticated data.(package private) byte[]The byte array containing the bytes written.(package private) intThe number of bytes written.(package private) static final intThe default tag size when one is not specified.private static final booleanControls whether no-copy optimizations for direct ByteBuffers are enabled.(package private) longAEAD cipher reference.private static intKeeps track of the last used block size.private booleanWhen set this instance must be initialized before use again.private byte[]The previously used nonce (IV) to prevent key + nonce reuse.private byte[]The previously used key to prevent key + nonce (IV) reuse.(package private) intThe length of the AEAD cipher tag in bytes.Fields inherited from class org.conscrypt.OpenSSLCipher
encodedKey, iv, mode -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescription(package private) booleanReturns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant).private booleanarraysAreEqual(byte[] a, byte[] b) Constant-time array comparison.private void(package private) voidChecks whether the cipher supports this particular cipherpaddingand throwsNoSuchPaddingExceptionif it doesn't.(package private) voidcheckSupportedTagLength(int tagLenBits) (package private) intdoFinalInternal(byte[] output, int outputOffset, int maximumLen) API-specific implementation of the final block.(package private) intdoFinalInternal(ByteBuffer input, ByteBuffer output) protected intengineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) protected intengineDoFinal(ByteBuffer input, ByteBuffer output) (package private) voidengineInitInternal(byte[] encodedKey, AlgorithmParameterSpec params, SecureRandom random) API-specific implementation of initializing the cipher.protected voidengineUpdateAAD(byte[] input, int inputOffset, int inputLen) protected voidprivate voidexpand(int i) (package private) abstract longgetEVP_AEAD(int keyLength) (package private) intgetOutputSizeForFinal(int inputLen) The size of output ifdoFinal()is called with thisinputLen.(package private) intgetOutputSizeForUpdate(int inputLen) AEAD buffers everything until a final output.private voidreset()private voidthrowAEADBadTagExceptionIfAvailable(String message, Throwable cause) (package private) intupdateInternal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int maximumLen) API-specific implementation of updating the cipher.Methods inherited from class org.conscrypt.OpenSSLCipher
checkSupportedKeySize, checkSupportedMode, engineDoFinal, engineGetBlockSize, engineGetIV, engineGetKeySize, engineGetOutputSize, engineGetParameters, engineInit, engineInit, engineInit, engineSetMode, engineSetPadding, engineUnwrap, engineUpdate, engineUpdate, engineWrap, getBaseCipherName, getCipherBlockSize, getPadding, getParameterSpec, isEncrypting, supportsVariableSizeIv, supportsVariableSizeKeyMethods inherited from class javax.crypto.CipherSpi
engineUpdate
-
Field Details
-
ENABLE_BYTEBUFFER_OPTIMIZATIONS
private static final boolean ENABLE_BYTEBUFFER_OPTIMIZATIONSControls whether no-copy optimizations for direct ByteBuffers are enabled.- See Also:
-
DEFAULT_TAG_SIZE_BITS
static final int DEFAULT_TAG_SIZE_BITSThe default tag size when one is not specified. Default to full-length tags (128-bits or 16 octets).- See Also:
-
lastGlobalMessageSize
private static int lastGlobalMessageSizeKeeps track of the last used block size. -
previousKey
private byte[] previousKeyThe previously used key to prevent key + nonce (IV) reuse. -
previousIv
private byte[] previousIvThe previously used nonce (IV) to prevent key + nonce reuse. -
mustInitialize
private boolean mustInitializeWhen set this instance must be initialized before use again. This prevents key and IV reuse. -
buf
byte[] bufThe byte array containing the bytes written. -
bufCount
int bufCountThe number of bytes written. -
evpAead
long evpAeadAEAD cipher reference. -
aad
private byte[] aadAdditional authenticated data. -
tagLengthInBytes
int tagLengthInBytesThe length of the AEAD cipher tag in bytes.
-
-
Constructor Details
-
OpenSSLAeadCipher
-
-
Method Details
-
checkInitialization
private void checkInitialization() -
arraysAreEqual
private boolean arraysAreEqual(byte[] a, byte[] b) Constant-time array comparison. Since we are using this to compare keys, we want to ensure there's no opportunity for a timing attack. -
expand
private void expand(int i) -
reset
private void reset() -
engineInitInternal
void engineInitInternal(byte[] encodedKey, AlgorithmParameterSpec params, SecureRandom random) throws InvalidKeyException, InvalidAlgorithmParameterException Description copied from class:OpenSSLCipherAPI-specific implementation of initializing the cipher. TheOpenSSLCipher.isEncrypting()function will tell whether it should be initialized for encryption or decryption. TheencodedKeywill be the bytes of a supported key size.- Specified by:
engineInitInternalin classOpenSSLCipher- Throws:
InvalidKeyExceptionInvalidAlgorithmParameterException
-
checkSupportedTagLength
-
allowsNonceReuse
boolean allowsNonceReuse()Returns whether reusing nonces is allowed (aka, whether this is nonce misuse-resistant). Most AEAD ciphers are not, but some are specially constructed so that reusing a key/nonce pair is safe. -
engineDoFinal
protected int engineDoFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException - Overrides:
engineDoFinalin classCipherSpi- Throws:
ShortBufferExceptionIllegalBlockSizeExceptionBadPaddingException
-
engineDoFinal
protected int engineDoFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException - Overrides:
engineDoFinalin classOpenSSLCipher- Throws:
ShortBufferExceptionIllegalBlockSizeExceptionBadPaddingException
-
updateInternal
int updateInternal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset, int maximumLen) throws ShortBufferException Description copied from class:OpenSSLCipherAPI-specific implementation of updating the cipher. ThemaximumLenwill be the maximum length of the output as returned byOpenSSLCipher.getOutputSizeForUpdate(int). The return value must be the number of bytes processed and placed intooutput. On error, an exception must be thrown.- Specified by:
updateInternalin classOpenSSLCipher- Throws:
ShortBufferException
-
throwAEADBadTagExceptionIfAvailable
private void throwAEADBadTagExceptionIfAvailable(String message, Throwable cause) throws BadPaddingException - Throws:
BadPaddingException
-
doFinalInternal
int doFinalInternal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException -
doFinalInternal
int doFinalInternal(byte[] output, int outputOffset, int maximumLen) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException Description copied from class:OpenSSLCipherAPI-specific implementation of the final block. ThemaximumLenwill be the maximum length of the possible output as returned byOpenSSLCipher.getOutputSizeForFinal(int). The return value must be the number of bytes processed and placed intooutput. On error, an exception must be thrown.- Specified by:
doFinalInternalin classOpenSSLCipher- Throws:
ShortBufferExceptionIllegalBlockSizeExceptionBadPaddingException
-
checkSupportedPadding
Description copied from class:OpenSSLCipherChecks whether the cipher supports this particular cipherpaddingand throwsNoSuchPaddingExceptionif it doesn't.- Specified by:
checkSupportedPaddingin classOpenSSLCipher- Throws:
NoSuchPaddingException
-
getOutputSizeForUpdate
int getOutputSizeForUpdate(int inputLen) AEAD buffers everything until a final output.- Specified by:
getOutputSizeForUpdatein classOpenSSLCipher
-
getOutputSizeForFinal
int getOutputSizeForFinal(int inputLen) Description copied from class:OpenSSLCipherThe size of output ifdoFinal()is called with thisinputLen. If padding is enabled and the size of the input puts it right at the block size, it will add another block for the padding.- Specified by:
getOutputSizeForFinalin classOpenSSLCipher
-
engineUpdateAAD
protected void engineUpdateAAD(byte[] input, int inputOffset, int inputLen) - Overrides:
engineUpdateAADin classCipherSpi
-
engineUpdateAAD
- Overrides:
engineUpdateAADin classCipherSpi
-
getEVP_AEAD
- Throws:
InvalidKeyException
-