/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.oracle.security.ucrypto;
import java.io.IOException;
import java.util.Arrays;
import java.security.AlgorithmParametersSpi;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import javax.crypto.spec.GCMParameterSpec;
import sun.security.util.*;
This class implements the parameter set used with GCM mode
which is defined in RFC5084 as follows:
GCMParameters ::= SEQUENCE {
aes-nonce OCTET STRING, -- recommended size is 12 octets
aes-ICVlen AES-GCM-ICVlen DEFAULT 12 }
where
AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
NOTE: however, NIST 800-38D also lists 4 (32bit) and 8 (64bit)
as possible AES-GCM-ICVlen values, so we allow all 6 values.
Since: 9
/**
* This class implements the parameter set used with GCM mode
* which is defined in RFC5084 as follows:
*
* <pre>
* GCMParameters ::= SEQUENCE {
* aes-nonce OCTET STRING, -- recommended size is 12 octets
* aes-ICVlen AES-GCM-ICVlen DEFAULT 12 }
*
* where
* AES-GCM-ICVlen ::= INTEGER (12 | 13 | 14 | 15 | 16)
* NOTE: however, NIST 800-38D also lists 4 (32bit) and 8 (64bit)
* as possible AES-GCM-ICVlen values, so we allow all 6 values.
* </pre>
*
* @since 9
*/
public final class GCMParameters extends AlgorithmParametersSpi {
private byte[] iv; // i.e. aes-nonce
private int tLen; // i.e. aes-ICVlen, in bytes
public GCMParameters() {}
private void setValues(byte[] iv, int tLen) throws IOException {
if (iv == null) {
throw new IOException("IV cannot be null");
}
if (tLen != 4 && tLen != 8 && (tLen < 12 || tLen > 16)) {
throw new IOException("Unsupported tag length: " + tLen);
}
this.iv = iv;
this.tLen = tLen;
}
protected byte[] engineGetEncoded() throws IOException {
DerOutputStream out = new DerOutputStream();
DerOutputStream bytes = new DerOutputStream();
bytes.putOctetString(iv);
bytes.putInteger(tLen);
out.write(DerValue.tag_Sequence, bytes);
return out.toByteArray();
}
protected byte[] engineGetEncoded(String format) throws IOException {
// ignore format for now
return engineGetEncoded();
}
protected <T extends AlgorithmParameterSpec>
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (GCMParameterSpec.class.isAssignableFrom(paramSpec)) {
return paramSpec.cast(new GCMParameterSpec(tLen*8, iv.clone()));
} else {
throw new InvalidParameterSpecException
("Inappropriate parameter specification. Received " +
paramSpec.getClass().getName());
}
}
protected void engineInit(AlgorithmParameterSpec paramSpec)
throws InvalidParameterSpecException {
if (!(paramSpec instanceof GCMParameterSpec)) {
throw new InvalidParameterSpecException
("Inappropriate parameter specification. Received " +
paramSpec.getClass().getName());
}
GCMParameterSpec gcmSpec = (GCMParameterSpec) paramSpec;
try {
setValues(gcmSpec.getIV(), gcmSpec.getTLen()/8);
} catch (IOException ioe) {
throw new InvalidParameterSpecException(ioe.getMessage());
}
}
protected void engineInit(byte[] encoded) throws IOException {
DerValue val = new DerValue(encoded);
if (val.tag == DerValue.tag_Sequence) {
val.data.reset();
setValues(val.data.getOctetString(), val.data.getInteger());
} else {
throw new IOException("GCM parameter parsing error: SEQ tag expected." +
" Received: " + val.tag);
}
}
protected void engineInit(byte[] encoded, String format)
throws IOException {
// ignore format for now
engineInit(encoded);
}
protected String engineToString() {
return ("IV=" + Arrays.toString(iv) + ", tLen=" + tLen * 8);
}
}