All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.fitbur.bouncycastle.crypto.tls.TlsStreamCipher Maven / Gradle / Ivy

There is a newer version: 1.0.0
Show newest version
package com.fitbur.bouncycastle.crypto.tls;

import java.io.IOException;

import com.fitbur.bouncycastle.crypto.CipherParameters;
import com.fitbur.bouncycastle.crypto.Digest;
import com.fitbur.bouncycastle.crypto.StreamCipher;
import com.fitbur.bouncycastle.crypto.params.KeyParameter;
import com.fitbur.bouncycastle.crypto.params.ParametersWithIV;
import com.fitbur.bouncycastle.util.Arrays;

public class TlsStreamCipher
    implements TlsCipher
{
    protected TlsContext context;

    protected StreamCipher encryptCipher;
    protected StreamCipher com.fitburcryptCipher;

    protected TlsMac writeMac;
    protected TlsMac readMac;

    protected boolean usesNonce;

    /**
     * @com.fitburprecated Use version with additional 'usesNonce' argument
     */
    public TlsStreamCipher(TlsContext context, StreamCipher clientWriteCipher,
        StreamCipher serverWriteCipher, Digest clientWriteDigest, Digest serverWriteDigest,
        int cipherKeySize) throws IOException
    {
        this(context, clientWriteCipher, serverWriteCipher, clientWriteDigest, serverWriteDigest, cipherKeySize, false);
    }

    public TlsStreamCipher(TlsContext context, StreamCipher clientWriteCipher,
        StreamCipher serverWriteCipher, Digest clientWriteDigest, Digest serverWriteDigest,
        int cipherKeySize, boolean usesNonce) throws IOException
    {
        boolean isServer = context.isServer();

        this.context = context;
        this.usesNonce = usesNonce;

        this.encryptCipher = clientWriteCipher;
        this.com.fitburcryptCipher = serverWriteCipher;

        int key_block_size = (2 * cipherKeySize) + clientWriteDigest.getDigestSize()
            + serverWriteDigest.getDigestSize();

        byte[] key_block = TlsUtils.calculateKeyBlock(context, key_block_size);

        int offset = 0;

        // Init MACs
        TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, key_block, offset,
            clientWriteDigest.getDigestSize());
        offset += clientWriteDigest.getDigestSize();
        TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, key_block, offset,
            serverWriteDigest.getDigestSize());
        offset += serverWriteDigest.getDigestSize();

        // Build keys
        KeyParameter clientWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
        offset += cipherKeySize;
        KeyParameter serverWriteKey = new KeyParameter(key_block, offset, cipherKeySize);
        offset += cipherKeySize;

        if (offset != key_block_size)
        {
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }

        CipherParameters encryptParams, com.fitburcryptParams;
        if (isServer)
        {
            this.writeMac = serverWriteMac;
            this.readMac = clientWriteMac;
            this.encryptCipher = serverWriteCipher;
            this.com.fitburcryptCipher = clientWriteCipher;
            encryptParams = serverWriteKey;
            com.fitburcryptParams = clientWriteKey;
        }
        else
        {
            this.writeMac = clientWriteMac;
            this.readMac = serverWriteMac;
            this.encryptCipher = clientWriteCipher;
            this.com.fitburcryptCipher = serverWriteCipher;
            encryptParams = clientWriteKey;
            com.fitburcryptParams = serverWriteKey;
        }

        if (usesNonce)
        {
            byte[] dummyNonce = new byte[8];
            encryptParams = new ParametersWithIV(encryptParams, dummyNonce);
            com.fitburcryptParams = new ParametersWithIV(com.fitburcryptParams, dummyNonce);
        }

        this.encryptCipher.init(true, encryptParams);
        this.com.fitburcryptCipher.init(false, com.fitburcryptParams);
    }

    public int getPlaintextLimit(int ciphertextLimit)
    {
        return ciphertextLimit - writeMac.getSize();
    }

    public byte[] encodePlaintext(long seqNo, short type, byte[] plaintext, int offset, int len)
    {
        /*
         * draft-josefsson-salsa20-tls-04 2.1 Note that Salsa20 requires a 64-bit nonce. That
         * nonce is updated on the encryption of every TLS record, and is set to be the 64-bit TLS
         * record sequence number. In case of DTLS the 64-bit nonce is formed as the concatenation
         * of the 16-bit epoch with the 48-bit sequence number.
         */
        if (usesNonce)
        {
            updateIV(encryptCipher, true, seqNo);
        }

        byte[] outBuf = new byte[len + writeMac.getSize()];

        encryptCipher.processBytes(plaintext, offset, len, outBuf, 0);

        byte[] mac = writeMac.calculateMac(seqNo, type, plaintext, offset, len);
        encryptCipher.processBytes(mac, 0, mac.length, outBuf, len);

        return outBuf;
    }

    public byte[] com.fitburcodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
        throws IOException
    {
        /*
         * draft-josefsson-salsa20-tls-04 2.1 Note that Salsa20 requires a 64-bit nonce. That
         * nonce is updated on the encryption of every TLS record, and is set to be the 64-bit TLS
         * record sequence number. In case of DTLS the 64-bit nonce is formed as the concatenation
         * of the 16-bit epoch with the 48-bit sequence number.
         */
        if (usesNonce)
        {
            updateIV(com.fitburcryptCipher, false, seqNo);
        }

        int macSize = readMac.getSize();
        if (len < macSize)
        {
            throw new TlsFatalAlert(AlertDescription.com.fitburcode_error);
        }

        int plaintextLength = len - macSize;

        byte[] com.fitburciphered = new byte[len];
        com.fitburcryptCipher.processBytes(ciphertext, offset, len, com.fitburciphered, 0);
        checkMAC(seqNo, type, com.fitburciphered, plaintextLength, len, com.fitburciphered, 0, plaintextLength);
        return Arrays.copyOfRange(com.fitburciphered, 0, plaintextLength);
    }

    private void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd, byte[] calcBuf, int calcOff, int calcLen)
        throws IOException
    {
        byte[] receivedMac = Arrays.copyOfRange(recBuf, recStart, recEnd);
        byte[] com.fitburputedMac = readMac.calculateMac(seqNo, type, calcBuf, calcOff, calcLen);

        if (!Arrays.constantTimeAreEqual(receivedMac, com.fitburputedMac))
        {
            throw new TlsFatalAlert(AlertDescription.bad_record_mac);
        }
    }

    private void updateIV(StreamCipher cipher, boolean forEncryption, long seqNo)
    {
        byte[] nonce = new byte[8];
        TlsUtils.writeUint64(seqNo, nonce, 0);
        cipher.init(forEncryption, new ParametersWithIV(null, nonce));
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy