package com.fitbur.bouncycastle.crypto.tls;
import java.io.IOException;
import com.fitbur.bouncycastle.crypto.CipherParameters;
import com.fitbur.bouncycastle.crypto.Digest;
import com.fitbur.bouncycastle.crypto.StreamCipher;
import com.fitbur.bouncycastle.crypto.params.KeyParameter;
import com.fitbur.bouncycastle.crypto.params.ParametersWithIV;
import com.fitbur.bouncycastle.util.Arrays;
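/**
 * TLS record-layer protection built from a pair of {@link StreamCipher}s and a pair of
 * digest-based {@link TlsMac}s (one of each per direction).
 * <p>
 * The key material for both directions is expanded from the {@link TlsContext} via
 * {@link TlsUtils#calculateKeyBlock}; the key_block is consumed in the order
 * client-write-MAC, server-write-MAC, client-write-key, server-write-key (RFC 5246, 6.3),
 * and the write/read roles are chosen according to {@link TlsContext#isServer()}.
 * <p>
 * When {@code usesNonce} is set the cipher is re-initialised before every record with an
 * 8-byte nonce holding the record sequence number (see draft-josefsson-salsa20-tls-04, 2.1),
 * so the same keystream is never reused across records. Records are authenticated with an
 * encrypt-then-... no: the MAC is computed over the plaintext and then encrypted along with
 * it (MAC-then-encrypt), and verified in constant time on receipt.
 * <p>
 * Instances are not thread-safe: the ciphers and MACs carry per-record state.
 */
public class TlsStreamCipher
    implements TlsCipher
{
    protected TlsContext context;

    protected StreamCipher encryptCipher;
    protected StreamCipher decryptCipher;

    protected TlsMac writeMac;
    protected TlsMac readMac;

    // true when the cipher expects a per-record nonce (Salsa20-style) rather than a one-time key init
    protected boolean usesNonce;

    /**
     * @deprecated Use version with additional 'usesNonce' argument
     */
    @Deprecated
    public TlsStreamCipher(TlsContext context, StreamCipher clientWriteCipher,
        StreamCipher serverWriteCipher, Digest clientWriteDigest, Digest serverWriteDigest,
        int cipherKeySize) throws IOException
    {
        this(context, clientWriteCipher, serverWriteCipher, clientWriteDigest, serverWriteDigest, cipherKeySize, false);
    }

    /**
     * Derives the per-direction MAC and cipher keys from the context and initialises the
     * ciphers for this endpoint's role.
     *
     * @param context           the TLS context supplying the key block and the endpoint role
     * @param clientWriteCipher stream cipher for the client-to-server direction
     * @param serverWriteCipher stream cipher for the server-to-client direction
     * @param clientWriteDigest digest used for the client-write MAC
     * @param serverWriteDigest digest used for the server-write MAC
     * @param cipherKeySize     key length in bytes of each stream cipher
     * @param usesNonce         whether the cipher is re-keyed with a sequence-number nonce per record
     * @throws IOException if the key block size does not match the material consumed
     *                     (raised as an {@code internal_error} fatal alert)
     */
    public TlsStreamCipher(TlsContext context, StreamCipher clientWriteCipher,
        StreamCipher serverWriteCipher, Digest clientWriteDigest, Digest serverWriteDigest,
        int cipherKeySize, boolean usesNonce) throws IOException
    {
        boolean isServer = context.isServer();

        this.context = context;
        this.usesNonce = usesNonce;

        int clientMacKeySize = clientWriteDigest.getDigestSize();
        int serverMacKeySize = serverWriteDigest.getDigestSize();

        int keyBlockSize = (2 * cipherKeySize) + clientMacKeySize + serverMacKeySize;
        byte[] keyBlock = TlsUtils.calculateKeyBlock(context, keyBlockSize);

        // Consume the key block in RFC order: MAC keys first, then cipher keys
        int offset = 0;

        TlsMac clientWriteMac = new TlsMac(context, clientWriteDigest, keyBlock, offset, clientMacKeySize);
        offset += clientMacKeySize;
        TlsMac serverWriteMac = new TlsMac(context, serverWriteDigest, keyBlock, offset, serverMacKeySize);
        offset += serverMacKeySize;

        KeyParameter clientWriteKey = new KeyParameter(keyBlock, offset, cipherKeySize);
        offset += cipherKeySize;
        KeyParameter serverWriteKey = new KeyParameter(keyBlock, offset, cipherKeySize);
        offset += cipherKeySize;

        // Any mismatch here is a programming error in the size bookkeeping, not a peer fault
        if (offset != keyBlockSize)
        {
            throw new TlsFatalAlert(AlertDescription.internal_error);
        }

        // The server writes with the server-write material and reads with the client-write material;
        // the client is the mirror image.
        CipherParameters encryptParams, decryptParams;
        if (isServer)
        {
            this.writeMac = serverWriteMac;
            this.readMac = clientWriteMac;
            this.encryptCipher = serverWriteCipher;
            this.decryptCipher = clientWriteCipher;
            encryptParams = serverWriteKey;
            decryptParams = clientWriteKey;
        }
        else
        {
            this.writeMac = clientWriteMac;
            this.readMac = serverWriteMac;
            this.encryptCipher = clientWriteCipher;
            this.decryptCipher = serverWriteCipher;
            encryptParams = clientWriteKey;
            decryptParams = serverWriteKey;
        }

        if (usesNonce)
        {
            // Placeholder all-zero nonce: the real nonce is installed per record by updateIV()
            byte[] dummyNonce = new byte[8];
            encryptParams = new ParametersWithIV(encryptParams, dummyNonce);
            decryptParams = new ParametersWithIV(decryptParams, dummyNonce);
        }

        this.encryptCipher.init(true, encryptParams);
        this.decryptCipher.init(false, decryptParams);
    }

    /**
     * @return the largest plaintext length that fits in a record of the given ciphertext limit
     *         (the stream cipher adds no expansion beyond the MAC)
     */
    public int getPlaintextLimit(int ciphertextLimit)
    {
        return ciphertextLimit - writeMac.getSize();
    }

    /**
     * Protects one outgoing record: MAC-then-encrypt, with the MAC covering the sequence number,
     * content type and plaintext.
     *
     * @param seqNo     record sequence number (for DTLS, the epoch concatenated with the
     *                  48-bit sequence number, as required by the nonce construction)
     * @param type      record content type
     * @param plaintext buffer holding the plaintext
     * @param offset    start of the plaintext within {@code plaintext}
     * @param len       length of the plaintext
     * @return a new buffer containing the encrypted plaintext followed by the encrypted MAC
     */
    public byte[] encodePlaintext(long seqNo, short type, byte[] plaintext, int offset, int len)
    {
        /*
         * draft-josefsson-salsa20-tls-04 2.1 Note that Salsa20 requires a 64-bit nonce. That
         * nonce is updated on the encryption of every TLS record, and is set to be the 64-bit TLS
         * record sequence number. In case of DTLS the 64-bit nonce is formed as the concatenation
         * of the 16-bit epoch with the 48-bit sequence number.
         */
        if (usesNonce)
        {
            updateIV(encryptCipher, true, seqNo);
        }

        int macSize = writeMac.getSize();
        byte[] outBuf = new byte[len + macSize];

        encryptCipher.processBytes(plaintext, offset, len, outBuf, 0);

        // The MAC is computed over the plaintext and then encrypted in the same keystream
        byte[] mac = writeMac.calculateMac(seqNo, type, plaintext, offset, len);
        encryptCipher.processBytes(mac, 0, mac.length, outBuf, len);

        return outBuf;
    }

    /**
     * Decrypts one incoming record and verifies its MAC.
     *
     * @param seqNo      record sequence number (see {@link #encodePlaintext})
     * @param type       record content type
     * @param ciphertext buffer holding the record body
     * @param offset     start of the record body within {@code ciphertext}
     * @param len        length of the record body (plaintext plus MAC)
     * @return a new buffer holding only the recovered plaintext
     * @throws IOException {@code decode_error} if the record is shorter than the MAC,
     *                     {@code bad_record_mac} if the MAC does not verify
     */
    public byte[] decodeCiphertext(long seqNo, short type, byte[] ciphertext, int offset, int len)
        throws IOException
    {
        /*
         * draft-josefsson-salsa20-tls-04 2.1 Note that Salsa20 requires a 64-bit nonce. That
         * nonce is updated on the encryption of every TLS record, and is set to be the 64-bit TLS
         * record sequence number. In case of DTLS the 64-bit nonce is formed as the concatenation
         * of the 16-bit epoch with the 48-bit sequence number.
         */
        if (usesNonce)
        {
            updateIV(decryptCipher, false, seqNo);
        }

        int macSize = readMac.getSize();
        if (len < macSize)
        {
            // Cannot even hold a MAC: a framing fault rather than an authentication failure
            throw new TlsFatalAlert(AlertDescription.decode_error);
        }

        int plaintextLength = len - macSize;

        byte[] deciphered = new byte[len];
        decryptCipher.processBytes(ciphertext, offset, len, deciphered, 0);

        // Trailing macSize bytes are the received MAC; it covers the leading plaintextLength bytes
        checkMAC(seqNo, type, deciphered, plaintextLength, len, deciphered, 0, plaintextLength);

        return Arrays.copyOfRange(deciphered, 0, plaintextLength);
    }

    /**
     * Recomputes the MAC over {@code calcBuf[calcOff, calcOff + calcLen)} and compares it in
     * constant time with the received MAC at {@code recBuf[recStart, recEnd)}, so that
     * comparison timing does not leak how many leading MAC bytes matched.
     *
     * @throws IOException {@code bad_record_mac} fatal alert on mismatch
     */
    private void checkMAC(long seqNo, short type, byte[] recBuf, int recStart, int recEnd, byte[] calcBuf, int calcOff, int calcLen)
        throws IOException
    {
        byte[] receivedMac = Arrays.copyOfRange(recBuf, recStart, recEnd);
        byte[] computedMac = readMac.calculateMac(seqNo, type, calcBuf, calcOff, calcLen);

        if (!Arrays.constantTimeAreEqual(receivedMac, computedMac))
        {
            throw new TlsFatalAlert(AlertDescription.bad_record_mac);
        }
    }

    /**
     * Re-initialises {@code cipher} with the 8-byte big-endian sequence number as its nonce.
     * The key parameter is passed as {@code null}, which relies on the cipher engine retaining
     * the key installed in the constructor when only the IV is supplied.
     */
    private void updateIV(StreamCipher cipher, boolean forEncryption, long seqNo)
    {
        byte[] nonce = new byte[8];
        TlsUtils.writeUint64(seqNo, nonce, 0);
        cipher.init(forEncryption, new ParametersWithIV(null, nonce));
    }
}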