1 /*
2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package com.sun.crypto.provider;
27
28 import java.security.InvalidKeyException;
29 import java.security.ProviderException;
30 import java.util.Objects;
31
32 import jdk.internal.HotSpotIntrinsicCandidate;
33
34
35 /**
36 * This class represents ciphers in cipher block chaining (CBC) mode.
37 *
38 * <p>This mode is implemented independently of a particular cipher.
39 * Ciphers to which this mode should apply (e.g., DES) must be
40 * <i>plugged-in</i> using the constructor.
41 *
42 * <p>NOTE: This class does not deal with buffering or padding.
43 *
44 * @author Gigi Ankeny
45 */
46
47 class CipherBlockChaining extends FeedbackCipher {
48
49 /*
50 * random bytes that are initialized with iv
51 */
52 protected byte[] r;
53
54 /*
55 * output buffer
56 */
57 private byte[] k;
58
59 // variables for save/restore calls
60 private byte[] rSave = null;
61
62 CipherBlockChaining(SymmetricCipher embeddedCipher) {
63 super(embeddedCipher);
64 k = new byte[blockSize];
65 r = new byte[blockSize];
66 }
67
68 /**
69 * Gets the name of this feedback mode.
70 *
71 * @return the string <code>CBC</code>
72 */
73 String getFeedback() {
74 return "CBC";
75 }
76
77 /**
78 * Initializes the cipher in the specified mode with the given key
79 * and iv.
80 *
81 * @param decrypting flag indicating encryption or decryption
82 * @param algorithm the algorithm name
83 * @param key the key
84 * @param iv the iv
85 *
86 * @exception InvalidKeyException if the given key is inappropriate for
87 * initializing this cipher
88 */
89 void init(boolean decrypting, String algorithm, byte[] key, byte[] iv)
90 throws InvalidKeyException {
91 if ((key == null) || (iv == null) || (iv.length != blockSize)) {
92 throw new InvalidKeyException("Internal error");
93 }
94 this.iv = iv;
95 reset();
96 embeddedCipher.init(decrypting, algorithm, key);
97 }
98
99 /**
100 * Resets the iv to its original value.
101 * This is used when doFinal is called in the Cipher class, so that the
102 * cipher can be reused (with its original iv).
103 */
104 void reset() {
105 System.arraycopy(iv, 0, r, 0, blockSize);
106 }
107
108 /**
109 * Save the current content of this cipher.
110 */
111 void save() {
112 if (rSave == null) {
113 rSave = new byte[blockSize];
114 }
115 System.arraycopy(r, 0, rSave, 0, blockSize);
116 }
117
118 /**
119 * Restores the content of this cipher to the previous saved one.
120 */
121 void restore() {
122 System.arraycopy(rSave, 0, r, 0, blockSize);
123 }
124
125 /**
126 * Performs encryption operation.
127 *
128 * <p>The input plain text <code>plain</code>, starting at
129 * <code>plainOffset</code> and ending at
130 * <code>(plainOffset + plainLen - 1)</code>, is encrypted.
131 * The result is stored in <code>cipher</code>, starting at
132 * <code>cipherOffset</code>.
133 *
134 * @param plain the buffer with the input data to be encrypted
135 * @param plainOffset the offset in <code>plain</code>
136 * @param plainLen the length of the input data
137 * @param cipher the buffer for the result
138 * @param cipherOffset the offset in <code>cipher</code>
139 * @exception ProviderException if <code>len</code> is not
140 * a multiple of the block size
141 * @return the length of the encrypted data
142 */
143 int encrypt(byte[] plain, int plainOffset, int plainLen,
144 byte[] cipher, int cipherOffset) {
145 cryptBlockSizeCheck(plainLen);
146 cryptNullAndBoundsCheck(plain, plainOffset, plainLen);
147 cryptNullAndBoundsCheck(cipher, cipherOffset, plainLen);
148 return implEncrypt(plain, plainOffset, plainLen,
149 cipher, cipherOffset);
150 }
151
152 @HotSpotIntrinsicCandidate
153 private int implEncrypt(byte[] plain, int plainOffset, int plainLen,
154 byte[] cipher, int cipherOffset)
155 {
156 int endIndex = plainOffset + plainLen;
157
158 for (; plainOffset < endIndex;
159 plainOffset += blockSize, cipherOffset += blockSize) {
160 for (int i = 0; i < blockSize; i++) {
161 k[i] = (byte)(plain[i + plainOffset] ^ r[i]);
162 }
163 embeddedCipher.encryptBlock(k, 0, cipher, cipherOffset);
164 System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
165 }
166 return plainLen;
167 }
168
169 /**
170 * Performs decryption operation.
171 *
172 * <p>The input cipher text <code>cipher</code>, starting at
173 * <code>cipherOffset</code> and ending at
174 * <code>(cipherOffset + cipherLen - 1)</code>, is decrypted.
175 * The result is stored in <code>plain</code>, starting at
176 * <code>plainOffset</code>.
177 *
178 * <p>It is also the application's responsibility to make sure that
179 * <code>init</code> has been called before this method is called.
180 * (This check is omitted here, to avoid double checking.)
181 *
182 * @param cipher the buffer with the input data to be decrypted
183 * @param cipherOffset the offset in <code>cipherOffset</code>
184 * @param cipherLen the length of the input data
185 * @param plain the buffer for the result
186 * @param plainOffset the offset in <code>plain</code>
187 * @exception ProviderException if <code>len</code> is not
188 * a multiple of the block size
189 * @return the length of the decrypted data
190 */
191 int decrypt(byte[] cipher, int cipherOffset, int cipherLen,
192 byte[] plain, int plainOffset) {
193 cryptBlockSizeCheck(cipherLen);
194 cryptNullAndBoundsCheck(cipher, cipherOffset, cipherLen);
195 cryptNullAndBoundsCheck(plain, plainOffset, cipherLen);
196 return implDecrypt(cipher, cipherOffset, cipherLen, plain, plainOffset);
197 }
198
199 @HotSpotIntrinsicCandidate
200 private int implDecrypt(byte[] cipher, int cipherOffset, int cipherLen,
201 byte[] plain, int plainOffset)
202 {
203 int endIndex = cipherOffset + cipherLen;
204
205 for (; cipherOffset < endIndex;
206 cipherOffset += blockSize, plainOffset += blockSize) {
207 embeddedCipher.decryptBlock(cipher, cipherOffset, k, 0);
208 for (int i = 0; i < blockSize; i++) {
209 plain[i + plainOffset] = (byte)(k[i] ^ r[i]);
210 }
211 System.arraycopy(cipher, cipherOffset, r, 0, blockSize);
212 }
213 return cipherLen;
214 }
215
216 private void cryptBlockSizeCheck(int len) {
217 if ((len % blockSize) != 0) {
218 throw new ProviderException("Internal error in input buffering");
219 }
220 }
221
222 private static void cryptNullAndBoundsCheck(byte[] array, int offset, int len) {
223 if (len <= 0) {
224 return; // not an error because cryptImpl/decryptImpl won't execute if len <= 0
225 }
226
227 Objects.requireNonNull(array);
228
229 if (offset < 0 || offset >= array.length) {
230 throw new ArrayIndexOutOfBoundsException(offset);
231 }
232
233 int endIndex = offset + len - 1;
234 if (endIndex < 0 || endIndex >= array.length) {
235 throw new ArrayIndexOutOfBoundsException(endIndex);
236 }
237 }
238 }