src/java.base/share/classes/sun/security/ssl/MAC.java
Print this page
*** 21,31 ****
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
-
package sun.security.ssl;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
--- 21,30 ----
*** 48,58 ****
* @author David Brownell
* @author Andreas Sterbenz
*/
final class MAC extends Authenticator {
! final static MAC NULL = new MAC();
// Value of the null MAC is fixed
private static final byte nullMAC[] = new byte[0];
// internal identifier for the MAC algorithm
--- 47,57 ----
* @author David Brownell
* @author Andreas Sterbenz
*/
final class MAC extends Authenticator {
! final static MAC TLS_NULL = new MAC(false);
// Value of the null MAC is fixed
private static final byte nullMAC[] = new byte[0];
// internal identifier for the MAC algorithm
*** 59,88 ****
private final MacAlg macAlg;
// JCE Mac object
private final Mac mac;
! private MAC() {
macAlg = M_NULL;
mac = null;
}
/**
! * Set up, configured for the given SSL/TLS MAC type and version.
*/
MAC(MacAlg macAlg, ProtocolVersion protocolVersion, SecretKey key)
throws NoSuchAlgorithmException, InvalidKeyException {
super(protocolVersion);
this.macAlg = macAlg;
String algorithm;
- boolean tls = (protocolVersion.v >= ProtocolVersion.TLS10.v);
if (macAlg == M_MD5) {
! algorithm = tls ? "HmacMD5" : "SslMacMD5";
} else if (macAlg == M_SHA) {
! algorithm = tls ? "HmacSHA1" : "SslMacSHA1";
} else if (macAlg == M_SHA256) {
algorithm = "HmacSHA256"; // TLS 1.2+
} else if (macAlg == M_SHA384) {
algorithm = "HmacSHA384"; // TLS 1.2+
} else {
--- 58,91 ----
private final MacAlg macAlg;
// JCE Mac object
private final Mac mac;
! MAC(boolean isDTLS) {
! super(isDTLS);
!
macAlg = M_NULL;
mac = null;
}
/**
! * Set up, configured for the given MAC type and version.
*/
MAC(MacAlg macAlg, ProtocolVersion protocolVersion, SecretKey key)
throws NoSuchAlgorithmException, InvalidKeyException {
super(protocolVersion);
this.macAlg = macAlg;
String algorithm;
+ // using SSL MAC computation?
+ boolean useSSLMac = (protocolVersion.v < ProtocolVersion.TLS10.v);
+
if (macAlg == M_MD5) {
! algorithm = useSSLMac ? "SslMacMD5" : "HmacMD5";
} else if (macAlg == M_SHA) {
! algorithm = useSSLMac ? "SslMacSHA1" : "HmacSHA1";
} else if (macAlg == M_SHA256) {
algorithm = "HmacSHA256"; // TLS 1.2+
} else if (macAlg == M_SHA384) {
algorithm = "HmacSHA384"; // TLS 1.2+
} else {
*** 120,138 ****
* @param type record type
* @param buf compressed record on which the MAC is computed
* @param offset start of compressed record data
* @param len the size of the compressed record
* @param isSimulated if true, simulate the MAC computation
*/
final byte[] compute(byte type, byte buf[],
int offset, int len, boolean isSimulated) {
if (macAlg.size == 0) {
return nullMAC;
}
if (!isSimulated) {
! byte[] additional = acquireAuthenticationBytes(type, len);
mac.update(additional);
}
mac.update(buf, offset, len);
return mac.doFinal();
--- 123,144 ----
* @param type record type
* @param buf compressed record on which the MAC is computed
* @param offset start of compressed record data
* @param len the size of the compressed record
* @param isSimulated if true, simulate the MAC computation
+ *
+ * @return the MAC result
*/
final byte[] compute(byte type, byte buf[],
int offset, int len, boolean isSimulated) {
if (macAlg.size == 0) {
return nullMAC;
}
if (!isSimulated) {
! // Uses the implicit sequence number for the computation.
! byte[] additional = acquireAuthenticationBytes(type, len, null);
mac.update(additional);
}
mac.update(buf, offset, len);
return mac.doFinal();
*** 147,169 ****
*
* @param type record type
* @param bb a ByteBuffer in which the position and limit
* demarcate the data to be MAC'd.
* @param isSimulated if true, simulate the MAC computation
*/
! final byte[] compute(byte type, ByteBuffer bb, boolean isSimulated) {
if (macAlg.size == 0) {
return nullMAC;
}
if (!isSimulated) {
byte[] additional =
! acquireAuthenticationBytes(type, bb.remaining());
mac.update(additional);
}
mac.update(bb);
return mac.doFinal();
}
}
-
--- 153,199 ----
*
* @param type record type
* @param bb a ByteBuffer in which the position and limit
* demarcate the data to be MAC'd.
* @param isSimulated if true, simulate the MAC computation
+ * @param sequence the explicit sequence number, or null if using
+ * the implicit sequence number for the computation
+ *
+ * @return the MAC result
*/
! final byte[] compute(byte type, ByteBuffer bb,
! byte[] sequence, boolean isSimulated) {
!
if (macAlg.size == 0) {
return nullMAC;
}
if (!isSimulated) {
+ // Uses the explicit sequence number for the computation.
byte[] additional =
! acquireAuthenticationBytes(type, bb.remaining(), sequence);
mac.update(additional);
}
mac.update(bb);
return mac.doFinal();
}
+ /**
+ * Compute and returns the MAC for the remaining data
+ * in this ByteBuffer.
+ *
+ * On return, the bb position == limit, and limit will
+ * have not changed.
+ *
+ * @param type record type
+ * @param bb a ByteBuffer in which the position and limit
+ * demarcate the data to be MAC'd.
+ * @param isSimulated if true, simulate the the MAC computation
+ *
+ * @return the MAC result
+ */
+ final byte[] compute(byte type, ByteBuffer bb, boolean isSimulated) {
+ // Uses the implicit sequence number for the computation.
+ return compute(type, bb, null, isSimulated);
+ }
}