1 /* 2 * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.oracle.security.ucrypto; 27 28 import java.io.IOException; 29 import java.util.Arrays; 30 import java.security.AlgorithmParametersSpi; 31 import java.security.spec.AlgorithmParameterSpec; 32 import java.security.spec.InvalidParameterSpecException; 33 import javax.crypto.spec.GCMParameterSpec; 34 import sun.security.util.*; 35 36 /** 37 * This class implements the parameter set used with GCM mode 38 * which is defined in RFC5084 as follows: 39 * 40 * <pre> 41 * GCMParameters ::= SEQUENCE { 42 * aes-nonce OCTET STRING, -- recommended size is 12 octets 43 * aes-ICVlen AES-GCM-ICVlen DEFAULT 12 } 44 * 45 * where 46 * AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16) 47 * NOTE: however, NIST 800-38D also lists 4 (32bit) and 8 (64bit) 48 * as possible AES-GCM-ICVlen values, so we allow all 6 values. 49 * </pre> 50 * 51 * @since 9 52 */ 53 public final class GCMParameters extends AlgorithmParametersSpi { 54 55 private byte[] iv; // i.e. aes-nonce 56 private int tLen; // i.e. aes-ICVlen, in bytes 57 58 public GCMParameters() {} 59 60 private void setValues(byte[] iv, int tLen) throws IOException { 61 if (iv == null) { 62 throw new IOException("IV cannot be null"); 63 } 64 if (tLen != 4 && tLen != 8 && (tLen < 12 || tLen > 16)) { 65 throw new IOException("Unsupported tag length: " + tLen); 66 } 67 this.iv = iv; 68 this.tLen = tLen; 69 } 70 71 protected byte[] engineGetEncoded() throws IOException { 72 DerOutputStream out = new DerOutputStream(); 73 DerOutputStream bytes = new DerOutputStream(); 74 75 bytes.putOctetString(iv); 76 bytes.putInteger(tLen); 77 out.write(DerValue.tag_Sequence, bytes); 78 return out.toByteArray(); 79 } 80 81 protected byte[] engineGetEncoded(String format) throws IOException { 82 // ignore format for now 83 return engineGetEncoded(); 84 } 85 86 protected <T extends AlgorithmParameterSpec> 87 T engineGetParameterSpec(Class<T> paramSpec) 88 throws InvalidParameterSpecException { 89 if (GCMParameterSpec.class.isAssignableFrom(paramSpec)) { 90 return paramSpec.cast(new GCMParameterSpec(tLen*8, iv.clone())); 91 } else { 92 throw new InvalidParameterSpecException 93 ("Inappropriate parameter specification. Received " + 94 paramSpec.getClass().getName()); 95 } 96 } 97 98 protected void engineInit(AlgorithmParameterSpec paramSpec) 99 throws InvalidParameterSpecException { 100 if (!(paramSpec instanceof GCMParameterSpec)) { 101 throw new InvalidParameterSpecException 102 ("Inappropriate parameter specification. Received " + 103 paramSpec.getClass().getName()); 104 } 105 GCMParameterSpec gcmSpec = (GCMParameterSpec) paramSpec; 106 try { 107 setValues(gcmSpec.getIV(), gcmSpec.getTLen()/8); 108 } catch (IOException ioe) { 109 throw new InvalidParameterSpecException(ioe.getMessage()); 110 } 111 } 112 113 protected void engineInit(byte[] encoded) throws IOException { 114 DerValue val = new DerValue(encoded); 115 if (val.tag == DerValue.tag_Sequence) { 116 val.data.reset(); 117 setValues(val.data.getOctetString(), val.data.getInteger()); 118 } else { 119 throw new IOException("GCM parameter parsing error: SEQ tag expected." + 120 " Received: " + val.tag); 121 } 122 } 123 124 protected void engineInit(byte[] encoded, String format) 125 throws IOException { 126 // ignore format for now 127 engineInit(encoded); 128 } 129 130 protected String engineToString() { 131 return ("IV=" + Arrays.toString(iv) + ", tLen=" + tLen * 8); 132 } 133 }