src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java

Print this page
7191662: JCE providers should be located via ServiceLoader


  31 import java.util.Set;
  32 import java.util.Arrays;
  33 import java.security.*;
  34 import java.security.spec.*;
  35 import javax.crypto.*;
  36 import javax.crypto.spec.SecretKeySpec;
  37 import javax.crypto.spec.GCMParameterSpec;
  38 
  39 /**
  40  * Cipher wrapper class utilizing ucrypto APIs. This class currently supports
  41  * - AES/GCM/NoPADDING
  42  *
  43  * @since 1.9
  44  */
  45 class NativeGCMCipher extends NativeCipher {
  46 
  47     public static final class AesGcmNoPadding extends NativeGCMCipher {
  48         public AesGcmNoPadding() throws NoSuchAlgorithmException {
  49             super(-1);
  50         }


  51     }
  52     public static final class Aes128GcmNoPadding extends NativeGCMCipher {
  53         public Aes128GcmNoPadding() throws NoSuchAlgorithmException {
  54             super(16);
  55         }
  56     }
  57     public static final class Aes192GcmNoPadding extends NativeGCMCipher {
  58         public Aes192GcmNoPadding() throws NoSuchAlgorithmException {
  59             super(24);
  60         }
  61     }
  62     public static final class Aes256GcmNoPadding extends NativeGCMCipher {
  63         public Aes256GcmNoPadding() throws NoSuchAlgorithmException {
  64             super(32);
  65         }
  66     }
  67 
  68     private static final int DEFAULT_TAG_LEN = 128; // same as SunJCE provider
  69 
  70     // buffer for storing AAD data; if null, meaning buffer content has been
  71     // supplied to native context
  72     private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
  73 
  74     // buffer for storing input in decryption, not used for encryption
  75     private ByteArrayOutputStream ibuffer = null;
  76 
  77     private int tagLen = DEFAULT_TAG_LEN;
  78 
  79     /*
  80      * variables used for performing the GCM (key+iv) uniqueness check.
  81      * To use GCM mode safely, the cipher object must be re-initialized
  82      * with a different combination of key + iv values for each
  83      * ENCRYPTION operation. However, checking all past key + iv values
  84      * isn't feasible. Thus, we only do a per-instance check of the
  85      * key + iv values used in previous encryption.
  86      * For decryption operations, no checking is necessary.




  31 import java.util.Set;
  32 import java.util.Arrays;
  33 import java.security.*;
  34 import java.security.spec.*;
  35 import javax.crypto.*;
  36 import javax.crypto.spec.SecretKeySpec;
  37 import javax.crypto.spec.GCMParameterSpec;
  38 
  39 /**
  40  * Cipher wrapper class utilizing ucrypto APIs. This class currently supports
  41  * - AES/GCM/NoPADDING
  42  *
  43  * @since 1.9
  44  */
  45 class NativeGCMCipher extends NativeCipher {
  46 
  47     public static final class AesGcmNoPadding extends NativeGCMCipher {
  48         public AesGcmNoPadding() throws NoSuchAlgorithmException {
  49             super(-1);
  50         }
  51         public AesGcmNoPadding(int keySize) throws NoSuchAlgorithmException {
  52             super(keySize);
  53         }



  54     }











  55 
  56     private static final int DEFAULT_TAG_LEN = 128; // same as SunJCE provider
  57 
  58     // buffer for storing AAD data; if null, meaning buffer content has been
  59     // supplied to native context
  60     private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream();
  61 
  62     // buffer for storing input in decryption, not used for encryption
  63     private ByteArrayOutputStream ibuffer = null;
  64 
  65     private int tagLen = DEFAULT_TAG_LEN;
  66 
  67     /*
  68      * variables used for performing the GCM (key+iv) uniqueness check.
  69      * To use GCM mode safely, the cipher object must be re-initialized
  70      * with a different combination of key + iv values for each
  71      * ENCRYPTION operation. However, checking all past key + iv values
  72      * isn't feasible. Thus, we only do a per-instance check of the
  73      * key + iv values used in previous encryption.
  74      * For decryption operations, no checking is necessary.