
src/share/classes/sun/security/ssl/CipherBox.java

rev 11548 : 8133070: Hot lock on BulkCipher.isAvailable
Reviewed-by: mullan
Contributed-by: xuelei.fan@oracle.com, kungu.mjh@alibaba-inc.com


1027                 GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
1028                 try {
1029                     cipher.init(mode, key, spec, random);
1030                 } catch (InvalidKeyException |
1031                             InvalidAlgorithmParameterException ikae) {
1032                     // unlikely to happen
1033                     throw new RuntimeException(
1034                                 "invalid key or spec in GCM mode", ikae);
1035                 }
1036 
1037                 // update the additional authentication data
1038                 byte[] aad = authenticator.acquireAuthenticationBytes(
1039                                                 contentType, fragmentLength);
1040                 cipher.updateAAD(aad);
1041                 break;
1042         }
1043 
1044         return nonce;
1045     }
1046 
1047     /*
1048      * Is this cipher available?
1049      *
1050      * This method can only be called by CipherSuite.BulkCipher.isAvailable()
1051      * to test the availability of a cipher suites.  Please DON'T use it in
1052      * other places, otherwise, the behavior may be unexpected because we may
1053      * initialize AEAD cipher improperly in the method.
1054      */
1055     Boolean isAvailable() {
1056         // We won't know whether a cipher for a particular key size is
1057         // available until the cipher is successfully initialized.
1058         //
1059         // We do not initialize AEAD cipher in the constructor.  Need to
1060         // initialize the cipher to ensure that the AEAD mode for a
1061         // particular key size is supported.
1062         if (cipherType == AEAD_CIPHER) {
1063             try {
1064                 Authenticator authenticator =
1065                     new Authenticator(protocolVersion);
1066                 byte[] nonce = authenticator.sequenceNumber();
1067                 byte[] iv = Arrays.copyOf(fixedIv,
1068                                             fixedIv.length + nonce.length);
1069                 System.arraycopy(nonce, 0, iv, fixedIv.length, nonce.length);
1070                 GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
1071 
1072                 cipher.init(mode, key, spec, random);
1073             } catch (Exception e) {
1074                 return Boolean.FALSE;
1075             }
1076         }   // Otherwise, we have initialized the cipher in the constructor.
1077 
1078         return Boolean.TRUE;
1079     }
1080 
1081     /**
1082      * Sanity check the length of a fragment before decryption.
1083      *
1084      * In CBC mode, check that the fragment length is one or multiple times
1085      * of the block size of the cipher suite, and is at least one (one is the
1086      * smallest size of padding in CBC mode) bigger than the tag size of the
1087      * MAC algorithm except the explicit IV size for TLS 1.1 or later.
1088      *
1089      * In non-CBC mode, check that the fragment length is not less than the
1090      * tag size of the MAC algorithm.
1091      *
1092      * @return true if the length of a fragment matches above requirements
1093      */
1094     private boolean sanityCheck(int tagLen, int fragmentLen) {
1095         if (!isCBCMode()) {
1096             return fragmentLen >= tagLen;
1097         }
1098 
1099         int blockSize = cipher.getBlockSize();
1100         if ((fragmentLen % blockSize) == 0) {


1027                 GCMParameterSpec spec = new GCMParameterSpec(tagSize * 8, iv);
1028                 try {
1029                     cipher.init(mode, key, spec, random);
1030                 } catch (InvalidKeyException |
1031                             InvalidAlgorithmParameterException ikae) {
1032                     // unlikely to happen
1033                     throw new RuntimeException(
1034                                 "invalid key or spec in GCM mode", ikae);
1035                 }
1036 
1037                 // update the additional authentication data
1038                 byte[] aad = authenticator.acquireAuthenticationBytes(
1039                                                 contentType, fragmentLength);
1040                 cipher.updateAAD(aad);
1041                 break;
1042         }
1043 
1044         return nonce;
1045     }
1046 


































1047     /**
1048      * Sanity check the length of a fragment before decryption.
1049      *
1050      * In CBC mode, check that the fragment length is one or multiple times
1051      * of the block size of the cipher suite, and is at least one (one is the
1052      * smallest size of padding in CBC mode) bigger than the tag size of the
1053      * MAC algorithm except the explicit IV size for TLS 1.1 or later.
1054      *
1055      * In non-CBC mode, check that the fragment length is not less than the
1056      * tag size of the MAC algorithm.
1057      *
1058      * @return true if the length of a fragment matches above requirements
1059      */
1060     private boolean sanityCheck(int tagLen, int fragmentLen) {
1061         if (!isCBCMode()) {
1062             return fragmentLen >= tagLen;
1063         }
1064 
1065         int blockSize = cipher.getBlockSize();
1066         if ((fragmentLen % blockSize) == 0) {