Repository: commons-crypto Updated Branches: refs/heads/master de5423477 -> aad8c55a4
CRYPTO-60: opensslCipher support GCM mode Closes #70 from kexianda/gcm3 Project: http://git-wip-us.apache.org/repos/asf/commons-crypto/repo Commit: http://git-wip-us.apache.org/repos/asf/commons-crypto/commit/aad8c55a Tree: http://git-wip-us.apache.org/repos/asf/commons-crypto/tree/aad8c55a Diff: http://git-wip-us.apache.org/repos/asf/commons-crypto/diff/aad8c55a Branch: refs/heads/master Commit: aad8c55a43f72d7869d704a44b42557bb634baf2 Parents: de54234 Author: Xianda Ke <xianda...@intel.com> Authored: Mon Nov 20 07:57:14 2017 +0800 Committer: Sun Dapeng <s...@apache.org> Committed: Mon Nov 20 08:29:11 2017 +0800 ---------------------------------------------------------------------- Makefile.common | 2 +- .../commons/crypto/cipher/CryptoCipher.java | 52 +++ .../apache/commons/crypto/cipher/JceCipher.java | 56 ++++ .../apache/commons/crypto/cipher/OpenSsl.java | 119 ++++--- .../commons/crypto/cipher/OpenSslCipher.java | 142 ++++++--- .../crypto/cipher/OpenSslCommonMode.java | 117 +++++++ .../crypto/cipher/OpenSslEvpCtrlValues.java | 52 +++ .../crypto/cipher/OpenSslFeedbackCipher.java | 73 +++++ .../crypto/cipher/OpenSslGaloisCounterMode.java | 313 +++++++++++++++++++ .../commons/crypto/cipher/OpenSslNative.java | 48 ++- .../commons/crypto/jna/OpenSslJnaCipher.java | 62 ++++ .../commons/crypto/cipher/OpenSslNative.c | 170 +++++++++- .../commons/crypto/org_apache_commons_crypto.h | 5 +- .../crypto/cipher/OpenSslCipherTest.java | 12 +- 14 files changed, 1113 insertions(+), 110 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/Makefile.common ---------------------------------------------------------------------- diff --git a/Makefile.common b/Makefile.common index 0f50098..3518f57 100644 --- a/Makefile.common +++ b/Makefile.common @@ -88,7 +88,7 @@ Linux-x86_64_CXX := $(CROSS_PREFIX)g++ Linux-x86_64_STRIP := $(CROSS_PREFIX)strip Linux-x86_64_CXXFLAGS := -Ilib/inc_linux -I$(JAVA_HOME)/include -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 Linux-x86_64_CFLAGS := -Ilib/inc_linux -I$(JAVA_HOME)/include -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Linux-x86_64_LINKFLAGS := -shared -static-libgcc -static-libstdc++ +Linux-x86_64_LINKFLAGS := -shared -static-libgcc Linux-x86_64_LIBNAME := libcommons-crypto.so Linux-x86_64_COMMONS_CRYPTO_FLAGS := http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/CryptoCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/CryptoCipher.java b/src/main/java/org/apache/commons/crypto/cipher/CryptoCipher.java index f3bdbcd..668ef2f 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/CryptoCipher.java +++ b/src/main/java/org/apache/commons/crypto/cipher/CryptoCipher.java @@ -153,4 +153,56 @@ public interface CryptoCipher extends Closeable { int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException; + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the cipher when operating in + * modes such as AEAD (GCM). If this cipher is operating in + * GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this cipher is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM or CCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if the corresponding method + * has not been overridden by an implementation + * + */ + void updateAAD(byte[] aad) + throws IllegalArgumentException, IllegalStateException, UnsupportedOperationException; + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the cipher when operating in + * modes such as AEAD (GCM). If this cipher is operating in + * GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this cipher is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM or CCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if the corresponding method + * has not been overridden by an implementation + * + */ + void updateAAD(ByteBuffer aad) + throws IllegalArgumentException, IllegalStateException, UnsupportedOperationException; } http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java b/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java index a6b64fd..0df3f4b 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java +++ b/src/main/java/org/apache/commons/crypto/cipher/JceCipher.java @@ -196,6 +196,62 @@ class JceCipher implements CryptoCipher { outputOffset); } + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the cipher when operating in + * modes such as AEAD (GCM/CCM). If this cipher is operating in + * either GCM or CCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this cipher is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM or CCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if JCE's implementation does not + * support such operation + */ + @Override + public void updateAAD(byte[] aad) { + cipher.updateAAD(aad); + } + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the cipher when operating in + * modes such as AEAD (GCM/CCM). If this cipher is operating in + * either GCM or CCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this cipher is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM or CCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if JCE's implementation does not + * support such operation + */ + @Override + public void updateAAD(ByteBuffer aad) { + cipher.updateAAD(aad); + } + + /** * Closes Jce cipher. */ http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java index 1820b47..e7c061a 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSsl.java @@ -18,7 +18,9 @@ package org.apache.commons.crypto.cipher; import java.nio.ByteBuffer; +import java.security.InvalidAlgorithmParameterException; import java.security.NoSuchAlgorithmException; +import java.security.spec.AlgorithmParameterSpec; import java.util.StringTokenizer; import javax.crypto.BadPaddingException; import javax.crypto.IllegalBlockSizeException; @@ -34,13 +36,15 @@ import org.apache.commons.crypto.utils.Utils; */ final class OpenSsl { + OpenSslFeedbackCipher opensslBlockCipher; + // Mode constant defined by OpenSsl JNI public static final int ENCRYPT_MODE = 1; public static final int DECRYPT_MODE = 0; /** Currently only support AES/CTR/NoPadding. */ private static enum AlgorithmMode { - AES_CTR, AES_CBC; + AES_CTR, AES_CBC, AES_GCM; /** * Gets the mode. @@ -82,10 +86,6 @@ final class OpenSsl { } } - private long context = 0; - private final int algorithm; - private final int padding; - private static final Throwable loadingFailureReason; static { @@ -122,9 +122,11 @@ final class OpenSsl { * @param padding the padding. */ private OpenSsl(long context, int algorithm, int padding) { - this.context = context; - this.algorithm = algorithm; - this.padding = padding; + if (algorithm == AlgorithmMode.AES_GCM.ordinal()) { + opensslBlockCipher = new OpenSslGaloisCounterMode(context, algorithm, padding); + } else { + opensslBlockCipher = new OpenSslCommonMode(context, algorithm, padding); + } } /** @@ -210,11 +212,13 @@ final class OpenSsl { * * @param mode {@link #ENCRYPT_MODE} or {@link #DECRYPT_MODE} * @param key crypto key - * @param iv crypto iv + * @param params the algorithm parameters + * @throws InvalidAlgorithmParameterException if IV length is wrong */ - public void init(int mode, byte[] key, byte[] iv) { - context = OpenSslNative - .init(context, mode, algorithm, padding, key, iv); + public void init(int mode, byte[] key, AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + checkState(); + opensslBlockCipher.init(mode, key, params); } /** @@ -250,12 +254,7 @@ final class OpenSsl { checkState(); Utils.checkArgument(input.isDirect() && output.isDirect(), "Direct buffers are required."); - int len = OpenSslNative.update(context, input, input.position(), - input.remaining(), output, output.position(), - output.remaining()); - input.position(input.limit()); - output.position(output.position() + len); - return len; + return opensslBlockCipher.update(input, output); } /** @@ -274,8 +273,37 @@ final class OpenSsl { public int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException { checkState(); - return OpenSslNative.updateByteArray(context, input, inputOffset, - inputLen, output, outputOffset, output.length - outputOffset); + return opensslBlockCipher.update(input, inputOffset, inputLen, output, outputOffset); + } + + /** + * Encrypts or decrypts data in a single-part operation, or finishes a + * multiple-part operation. + * + * @param input the input byte array + * @param inputOffset the offset in input where the input starts + * @param inputLen the input length + * @param output the byte array for the result + * @param outputOffset the offset in output where the result is stored + * @return the number of bytes stored in output + * @throws ShortBufferException if the given output byte array is too small + * to hold the result + * @throws BadPaddingException if this cipher is in decryption mode, and + * (un)padding has been requested, but the decrypted data is not + * bounded by the appropriate padding bytes + * @throws IllegalBlockSizeException if this cipher is a block cipher, no + * padding has been requested (only in encryption mode), and the + * total input length of the data processed by this cipher is not a + * multiple of block size; or if this encryption algorithm is unable + * to process the input data provided. + */ + public int doFinal(byte[] input, int inputOffset, int inputLen, + byte[] output, int outputOffset) + throws ShortBufferException, IllegalBlockSizeException, + BadPaddingException{ + + checkState(); + return opensslBlockCipher.doFinal(input, inputOffset, inputLen, output, outputOffset); } /** @@ -304,6 +332,7 @@ final class OpenSsl { * If any exception is thrown, this cipher object need to be reset before it * can be used again. * + * @param input the input ByteBuffer * @param output the output ByteBuffer * @return int number of bytes stored in <code>output</code> * @throws ShortBufferException if the given output byte array is too small @@ -317,53 +346,43 @@ final class OpenSsl { * (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes */ - public int doFinal(ByteBuffer output) throws ShortBufferException, + public int doFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { checkState(); Utils.checkArgument(output.isDirect(), "Direct buffer is required."); - int len = OpenSslNative.doFinal(context, output, output.position(), - output.remaining()); - output.position(output.position() + len); - return len; + + return opensslBlockCipher.doFinal(input, output); } + /** - * Encrypts or decrypts data in a single-part operation, or finishes a - * multiple-part operation. + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the cipher when operating in + * modes such as AEAD (GCM). If this cipher is operating in + * either GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data * - * @param output the byte array for the result - * @param outputOffset the offset in output where the result is stored - * @return the number of bytes stored in output - * @throws ShortBufferException if the given output byte array is too small - * to hold the result - * @throws BadPaddingException if this cipher is in decryption mode, and - * (un)padding has been requested, but the decrypted data is not - * bounded by the appropriate padding bytes - * @throws IllegalBlockSizeException if this cipher is a block cipher, no - * padding has been requested (only in encryption mode), and the - * total input length of the data processed by this cipher is not a - * multiple of block size; or if this encryption algorithm is unable - * to process the input data provided. */ - public int doFinal(byte[] output, int outputOffset) - throws ShortBufferException, IllegalBlockSizeException, - BadPaddingException { - checkState(); - return OpenSslNative.doFinalByteArray(context, output, outputOffset, - output.length - outputOffset); + public void updateAAD(byte[] aad) { + this.opensslBlockCipher.updateAAD(aad); } + /** Forcibly clean the context. */ public void clean() { - if (context != 0) { - OpenSslNative.clean(context); - context = 0; + if (opensslBlockCipher != null) { + opensslBlockCipher.clean(); } } /** Checks whether context is initialized. */ private void checkState() { - Utils.checkState(context != 0); + Utils.checkState(opensslBlockCipher != null); } @Override http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java index dff7dad..c62d58b 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSslCipher.java @@ -37,16 +37,17 @@ import org.apache.commons.crypto.utils.Utils; */ class OpenSslCipher implements CryptoCipher { - private final OpenSsl cipher; + private final OpenSsl openSslEngine; + private boolean initialized = false; private final String transformation; /** * Constructs a {@link CryptoCipher} using JNI into OpenSSL * - * @param props properties for OpenSSL cipher (unused) - * @param transformation transformation for OpenSSL cipher (algorithm/mode/padding) - * @throws GeneralSecurityException if OpenSSL cipher initialize failed + * @param props properties for OpenSSL openSslEngine (unused) + * @param transformation transformation for OpenSSL openSslEngine (algorithm/mode/padding) + * @throws GeneralSecurityException if OpenSSL openSslEngine initialize failed */ // N.B. this class is not public/protected so does not appear in the main Javadoc // Please ensure that property use is documented in the enum CryptoRandomFactory.RandomProvider @@ -59,14 +60,14 @@ class OpenSslCipher implements CryptoCipher { throw new RuntimeException(loadingFailureReason); } - cipher = OpenSsl.getInstance(transformation); + openSslEngine = OpenSsl.getInstance(transformation); } /** * Returns the block size (in bytes). * * @return the block size (in bytes), or 0 if the underlying algorithm is - * not a block cipher + * not a block openSslEngine */ @Override public final int getBlockSize() { @@ -88,10 +89,10 @@ class OpenSslCipher implements CryptoCipher { } /** - * Initializes the cipher with mode, key and iv. + * Initializes the openSslEngine with mode, key and iv. * * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE} - * @param key crypto key for the cipher + * @param key crypto key for the openSslEngine * @param params the algorithm parameters * @throws InvalidKeyException If key length is invalid * @throws InvalidAlgorithmParameterException if IV length is wrong @@ -106,20 +107,13 @@ class OpenSslCipher implements CryptoCipher { if (mode == Cipher.ENCRYPT_MODE) { cipherMode = OpenSsl.ENCRYPT_MODE; } - byte[] iv; - if (params instanceof IvParameterSpec) { - iv = ((IvParameterSpec) params).getIV(); - } else { - // other AlgorithmParameterSpec such as GCMParameterSpec is not - // supported now. - throw new InvalidAlgorithmParameterException("Illegal parameters"); - } - cipher.init(cipherMode, key.getEncoded(), iv); + openSslEngine.init(cipherMode, key.getEncoded(), params); + initialized = true; } /** * Continues a multiple-part encryption/decryption operation. The data is - * encrypted or decrypted, depending on how this cipher was initialized. + * encrypted or decrypted, depending on how this openSslEngine was initialized. * * @param inBuffer the input ByteBuffer * @param outBuffer the output ByteBuffer @@ -130,12 +124,12 @@ class OpenSslCipher implements CryptoCipher { @Override public int update(ByteBuffer inBuffer, ByteBuffer outBuffer) throws ShortBufferException { - return cipher.update(inBuffer, outBuffer); + return openSslEngine.update(inBuffer, outBuffer); } /** * Continues a multiple-part encryption/decryption operation. The data is - * encrypted or decrypted, depending on how this cipher was initialized. + * encrypted or decrypted, depending on how this openSslEngine was initialized. * * @param input the input byte array * @param inputOffset the offset in input where the input starts @@ -149,24 +143,24 @@ class OpenSslCipher implements CryptoCipher { @Override public int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException { - return cipher + return openSslEngine .update(input, inputOffset, inputLen, output, outputOffset); } /** * Encrypts or decrypts data in a single-part operation, or finishes a * multiple-part operation. The data is encrypted or decrypted, depending on - * how this cipher was initialized. + * how this openSslEngine was initialized. * * @param inBuffer the input ByteBuffer * @param outBuffer the output ByteBuffer * @return int number of bytes stored in <code>output</code> - * @throws BadPaddingException if this cipher is in decryption mode, and + * @throws BadPaddingException if this openSslEngine is in decryption mode, and * (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes - * @throws IllegalBlockSizeException if this cipher is a block cipher, no + * @throws IllegalBlockSizeException if this openSslEngine is a block openSslEngine, no * padding has been requested (only in encryption mode), and the - * total input length of the data processed by this cipher is not a + * total input length of the data processed by this openSslEngine is not a * multiple of block size; or if this encryption algorithm is unable * to process the input data provided. * @throws ShortBufferException if the given output buffer is too small to @@ -176,8 +170,7 @@ class OpenSslCipher implements CryptoCipher { public int doFinal(ByteBuffer inBuffer, ByteBuffer outBuffer) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { - int n = cipher.update(inBuffer, outBuffer); - return n + cipher.doFinal(outBuffer); + return openSslEngine.doFinal(inBuffer, outBuffer); } /** @@ -192,12 +185,12 @@ class OpenSslCipher implements CryptoCipher { * @return the number of bytes stored in output * @throws ShortBufferException if the given output byte array is too small * to hold the result - * @throws BadPaddingException if this cipher is in decryption mode, and + * @throws BadPaddingException if this openSslEngine is in decryption mode, and * (un)padding has been requested, but the decrypted data is not * bounded by the appropriate padding bytes - * @throws IllegalBlockSizeException if this cipher is a block cipher, no + * @throws IllegalBlockSizeException if this openSslEngine is a block openSslEngine, no * padding has been requested (only in encryption mode), and the - * total input length of the data processed by this cipher is not a + * total input length of the data processed by this openSslEngine is not a * multiple of block size; or if this encryption algorithm is unable * to process the input data provided. */ @@ -205,16 +198,95 @@ class OpenSslCipher implements CryptoCipher { public int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { - int n = cipher.update(input, inputOffset, inputLen, output, - outputOffset); - return n + cipher.doFinal(output, outputOffset + n); + return openSslEngine.doFinal(input, inputOffset, inputLen, output,outputOffset); + } + + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the opensslEngine when operating in + * modes such as AEAD (GCM). If this opensslEngine is operating in + * either GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this opensslEngine is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if the implementation {@code opensslEngine} + * doesn't support this operation. + */ + @Override + public void updateAAD(byte[] aad) throws IllegalArgumentException, + IllegalStateException, UnsupportedOperationException { + if (aad == null) { + throw new IllegalArgumentException("aad buffer is null"); + } + if (!initialized) { + throw new IllegalStateException("Cipher not initialized"); + } + if (aad.length == 0) { + return; + } + + openSslEngine.updateAAD(aad); } /** - * Closes the OpenSSL cipher. Clean the OpenSsl native context. + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the opensslEngine when operating in + * modes such as AEAD (GCM). If this opensslEngine is operating in + * either GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this opensslEngine is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if the implementation {@code opensslEngine} + * doesn't support this operation. + */ + @Override + public void updateAAD(ByteBuffer aad) throws IllegalArgumentException, + IllegalStateException, UnsupportedOperationException { + if (aad == null) { + throw new IllegalArgumentException("aad buffer is null"); + } + if (!initialized) { + throw new IllegalStateException("Cipher not initialized"); + } + + int aadLen = aad.limit() - aad.position(); + if (aadLen == 0) { + return; + } + byte[] aadBytes = new byte[aadLen]; + aad.get(aadBytes); + openSslEngine.updateAAD(aadBytes); + } + + + /** + * Closes the OpenSSL openSslEngine. Clean the OpenSsl native context. */ @Override public void close() { - cipher.clean(); + openSslEngine.clean(); } } http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCommonMode.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslCommonMode.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslCommonMode.java new file mode 100644 index 0000000..f602d11 --- /dev/null +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSslCommonMode.java @@ -0,0 +1,117 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.crypto.cipher; + +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; +import java.nio.ByteBuffer; +import java.security.InvalidAlgorithmParameterException; +import java.security.spec.AlgorithmParameterSpec; + +/** + * This class do the real work(Encryption/Decryption) for non-authenticated modes, such as CTR, CBC. + * <p> + * It will call the OpenSSL API to implement encryption/decryption + */ +class OpenSslCommonMode extends OpenSslFeedbackCipher { + + public OpenSslCommonMode(long context, int algorithmMode, int padding) { + super(context, algorithmMode, padding); + } + + @Override + public void init(int mode, byte[] key, AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + this.cipherMode = mode; + byte[] iv; + if (params instanceof IvParameterSpec) { + iv = ((IvParameterSpec) params).getIV(); + } else { + // other AlgorithmParameterSpec is not supported now. + throw new InvalidAlgorithmParameterException("Illegal parameters"); + } + context = OpenSslNative.init(context, mode, algorithmMode, padding, key, iv); + } + + @Override + public int update(ByteBuffer input, ByteBuffer output) throws ShortBufferException { + checkState(); + + int len = OpenSslNative.update(context, input, input.position(), + input.remaining(), output, output.position(), + output.remaining()); + input.position(input.limit()); + output.position(output.position() + len); + + return len; + } + + @Override + public int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) + throws ShortBufferException { + checkState(); + + return OpenSslNative.updateByteArray(context, input, inputOffset, + inputLen, output, outputOffset, output.length - outputOffset); + } + + @Override + public int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) + throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { + checkState(); + + int len = OpenSslNative.updateByteArray(context, input, inputOffset, + inputLen, output, outputOffset, output.length - outputOffset); + + len += OpenSslNative.doFinalByteArray(context, output, outputOffset + len, + output.length - outputOffset - len); + + return len; + } + + @Override + public int doFinal(ByteBuffer input, ByteBuffer output) + throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { + checkState(); + + int totalLen = 0; + int len = OpenSslNative.update(context, input, input.position(), + input.remaining(), output, output.position(), output.remaining()); + totalLen += len; + + input.position(input.limit()); + output.position(output.position() + len); + + len = OpenSslNative.doFinal(context, output, output.position(), + output.remaining()); + totalLen += len; + + output.position(output.position() + len); + + return totalLen; + } + + @Override + public void updateAAD(byte[] aad) { + throw new UnsupportedOperationException( + "The underlying Cipher implementation " + + "does not support this method"); + } +} http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSslEvpCtrlValues.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslEvpCtrlValues.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslEvpCtrlValues.java new file mode 100644 index 0000000..2b64ff5 --- /dev/null +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSslEvpCtrlValues.java @@ -0,0 +1,52 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.crypto.cipher; + +/** + * This enum is defined for OpensslNative.ctrl() to allow various cipher + * specific parameters to be determined and set. + * see the macro definitions in openssl/evp.h + */ +enum OpenSslEvpCtrlValues { + INIT(0x00), + SET_KEY_LENGTH(0x01), + GET_RC2_KEY_BITS(0x02), + SET_RC2_KEY_BITS(0x03), + GET_RC5_ROUNDS(0x04), + SET_RC5_ROUNDS(0x05), + RAND_KEY(0x06), + PBE_PRF_NID(0x07), + COPY(0x08), + AEAD_SET_IVLEN(0x09), + AEAD_GET_TAG(0x10), + AEAD_SET_TAG(0x11), + AEAD_SET_IV_FIXED(0x12), + GCM_IV_GEN(0x13), + CCM_SET_L(0x14), + CCM_SET_MSGLEN(0x15); + + private final int value; + + OpenSslEvpCtrlValues(int value) { + this.value = value; + } + + public int getValue() { + return value; + } +} http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSslFeedbackCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslFeedbackCipher.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslFeedbackCipher.java new file mode 100644 index 0000000..4fa2743 --- /dev/null +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSslFeedbackCipher.java @@ -0,0 +1,73 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.crypto.cipher; + +import org.apache.commons.crypto.utils.Utils; + +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.ShortBufferException; +import java.nio.ByteBuffer; +import java.security.InvalidAlgorithmParameterException; +import java.security.spec.AlgorithmParameterSpec; + +/** + * This class represents a block cipher in one of its modes. + */ +abstract class OpenSslFeedbackCipher { + + protected long context = 0; + protected int algorithmMode; + protected int padding; + + protected int cipherMode = OpenSsl.DECRYPT_MODE; + + OpenSslFeedbackCipher(long context, int algorithmMode, int padding) { + this.context = context; + this.algorithmMode = algorithmMode; + this.padding = padding; + } + + abstract void init(int mode, byte[] key, AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException; + + abstract int update(ByteBuffer input, ByteBuffer output) + throws ShortBufferException; + + abstract int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) + throws ShortBufferException; + + abstract int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) + throws ShortBufferException, IllegalBlockSizeException, BadPaddingException; + + abstract int doFinal(ByteBuffer input, ByteBuffer output) throws ShortBufferException, + IllegalBlockSizeException, BadPaddingException; + + abstract void updateAAD(byte[] aad); + + public void clean() { + if (context != 0) { + OpenSslNative.clean(context); + context = 0; + } + } + + public void checkState() { + Utils.checkState(context != 0); + } +} http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSslGaloisCounterMode.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslGaloisCounterMode.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslGaloisCounterMode.java new file mode 100644 index 0000000..991c475 --- /dev/null +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSslGaloisCounterMode.java @@ -0,0 +1,313 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.commons.crypto.cipher; + +import javax.crypto.AEADBadTagException; +import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.ShortBufferException; +import javax.crypto.spec.GCMParameterSpec; +import java.io.ByteArrayOutputStream; +import java.nio.ByteBuffer; +import java.nio.ByteOrder; +import java.security.InvalidAlgorithmParameterException; +import java.security.spec.AlgorithmParameterSpec; + +/** + * This class do the real work(Encryption/Decryption/Authentication) for the authenticated mode: GCM. + * + * It calls the OpenSSL API to implement the JCE-like behavior + * + * @since 1.1 + */ +class OpenSslGaloisCounterMode extends OpenSslFeedbackCipher { + + // buffer for AAD data; if consumed, set as null + private ByteArrayOutputStream aadBuffer = new ByteArrayOutputStream(); + private int tagBitLen = -1; + + static final int DEFAULT_TAG_LEN = 16; + + // buffer for storing input in decryption, not used for encryption + private ByteArrayOutputStream inBuffer = null; + + public OpenSslGaloisCounterMode(long context, int algorithmMode, int padding) { + super(context, algorithmMode, padding); + } + + @Override + public void init(int mode, byte[] key, AlgorithmParameterSpec params) + throws InvalidAlgorithmParameterException { + + if (aadBuffer == null) { + aadBuffer = new ByteArrayOutputStream(); + } else { + aadBuffer.reset(); + } + + this.cipherMode = mode; + byte[] iv; + if (params instanceof GCMParameterSpec) { + GCMParameterSpec gcmParam = (GCMParameterSpec) params; + iv = gcmParam.getIV(); + this.tagBitLen = gcmParam.getTLen(); + } else { + // other AlgorithmParameterSpec is not supported now. + throw new InvalidAlgorithmParameterException("Illegal parameters"); + } + + if (this.cipherMode == OpenSsl.DECRYPT_MODE) { + inBuffer = new ByteArrayOutputStream(); + } + + context = OpenSslNative.init(context, mode, algorithmMode, padding, key, iv); + } + + @Override + public int update(ByteBuffer input, ByteBuffer output) throws ShortBufferException { + checkState(); + + processAAD(); + + int len; + if (this.cipherMode == OpenSsl.DECRYPT_MODE) { + // store internally until doFinal(decrypt) is called because + // spec mentioned that only return recovered data after tag + // is successfully verified + int inputLen = input.remaining(); + byte[] inputBuf = new byte[inputLen]; + input.get(inputBuf, 0, inputLen); + inBuffer.write(inputBuf, 0, inputLen); + return 0; + } else { + len = OpenSslNative.update(context, input, input.position(), + input.remaining(), output, output.position(), + output.remaining()); + input.position(input.limit()); + output.position(output.position() + len); + } + + return len; + } + + @Override + public int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) + throws ShortBufferException { + checkState(); + + processAAD(); + + if (this.cipherMode == OpenSsl.DECRYPT_MODE) { + // store internally until doFinal(decrypt) is called because + // spec mentioned that only return recovered data after tag + // is successfully verified + inBuffer.write(input, inputOffset, inputLen); + return 0; + } else { + return OpenSslNative.updateByteArray(context, input, inputOffset, + inputLen, output, outputOffset, output.length - outputOffset); + } + } + + @Override + public int doFinal(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset) + throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { + checkState(); + + processAAD(); + + int len; + if (this.cipherMode == OpenSsl.DECRYPT_MODE) { + // if GCM-DECRYPT, we have to handle the buffered input + // and the retrieve the trailing tag from input + int inputOffsetFinal = inputOffset; + int inputLenFinal = inputLen; + byte[] inputFinal; + if (inBuffer != null && inBuffer.size() > 0) { + inBuffer.write(input, inputOffset, inputLen); + inputFinal = inBuffer.toByteArray(); + inputOffsetFinal = 0; + inputLenFinal = inputFinal.length; + inBuffer.reset(); + } else { + inputFinal = input; + } + + if (inputFinal.length < getTagLen()) { + throw new AEADBadTagException("Input too short - need tag"); + } + + int inputDataLen = inputLenFinal - getTagLen(); + len = OpenSslNative.updateByteArray(context, inputFinal, inputOffsetFinal, + inputDataLen, output, outputOffset, output.length - outputOffset); + + // set tag to EVP_Cipher for integrity verification in doFinal + ByteBuffer tag = ByteBuffer.allocate(getTagLen()); + tag.put(input, input.length - getTagLen(), getTagLen()); + tag.flip(); + evpCipherCtxCtrl(context, OpenSslEvpCtrlValues.AEAD_SET_TAG.getValue(), getTagLen(), tag); + } else { + len = OpenSslNative.updateByteArray(context, input, inputOffset, + inputLen, output, outputOffset, output.length - outputOffset); + } + + len += OpenSslNative.doFinalByteArray(context, output, outputOffset + len, + output.length - outputOffset - len); + + // Keep the similar behavior as JCE, append the tag to end of output + if (this.cipherMode == OpenSsl.ENCRYPT_MODE) { + ByteBuffer tag; + tag = ByteBuffer.allocate(getTagLen()); + evpCipherCtxCtrl(context, OpenSslEvpCtrlValues.AEAD_GET_TAG.getValue(), getTagLen(), tag); + tag.get(output, output.length - getTagLen(), getTagLen()); + len += getTagLen(); + } + + return len; + } + + @Override + public int doFinal(ByteBuffer input, ByteBuffer output) + throws ShortBufferException, IllegalBlockSizeException, BadPaddingException { + checkState(); + + processAAD(); + + int totalLen = 0; + int len; + if (this.cipherMode == OpenSsl.DECRYPT_MODE) { + ByteBuffer tag = ByteBuffer.allocate(getTagLen()); + + // if GCM-DECRYPT, we have to handle the buffered input + // and the retrieve the trailing tag from input + if (inBuffer != null && inBuffer.size() > 0) { + byte[] inputBytes = new byte[input.remaining()]; + input.get(inputBytes, 0, inputBytes.length); + inBuffer.write(inputBytes, 0, inputBytes.length); + byte[] inputFinal = inBuffer.toByteArray(); + inBuffer.reset(); + + if (inputFinal.length < getTagLen()) { + throw new AEADBadTagException("Input too short - need tag"); + } + + len = OpenSslNative.updateByteArrayByteBuffer(context, inputFinal, 0, + inputFinal.length - getTagLen(), + output, output.position(), output.remaining()); + + // retrieve tag + tag.put(inputFinal, inputFinal.length - getTagLen(), getTagLen()); + tag.flip(); + + } else { + // if no buffered input, just use the input directly + if (input.remaining() < getTagLen()) { + throw new AEADBadTagException("Input too short - need tag"); + } + + len = OpenSslNative.update(context, input, input.position(), + input.remaining() - getTagLen(), output, output.position(), + output.remaining()); + + input.position(input.position() + len); + + // retrieve tag + tag.put(input); + tag.flip(); + } + + // set tag to EVP_Cipher for integrity verification in doFinal + evpCipherCtxCtrl(context, OpenSslEvpCtrlValues.AEAD_SET_TAG.getValue(), + getTagLen(), tag); + } else { + len = OpenSslNative.update(context, input, input.position(), + input.remaining(), output, output.position(), + output.remaining()); + input.position(input.limit()); + } + + totalLen += len; + output.position(output.position() + len); + + len = OpenSslNative.doFinal(context, output, output.position(), + output.remaining()); + output.position(output.position() + len); + totalLen += len; + + // Keep the similar behavior as JCE, append the tag to end of output + if (this.cipherMode == OpenSsl.ENCRYPT_MODE) { + ByteBuffer tag; + tag = ByteBuffer.allocate(getTagLen()); + evpCipherCtxCtrl(context, OpenSslEvpCtrlValues.AEAD_GET_TAG.getValue(), getTagLen(), tag); + output.put(tag); + totalLen += getTagLen(); + } + + return totalLen; + } + + public void clean() { + super.clean(); + aadBuffer = null; + } + + @Override + public void updateAAD(byte[] aad) { + // must be called after initialized. + if (aadBuffer != null) { + aadBuffer.write(aad, 0, aad.length); + } else { + // update has already been called + throw new IllegalStateException + ("Update has been called; no more AAD data"); + } + } + + private void processAAD() { + if (aadBuffer != null && aadBuffer.size() > 0) { + OpenSslNative.updateByteArray(context, aadBuffer.toByteArray(), + 0, aadBuffer.size(), null, 0, 0); + aadBuffer = null; + } + } + + private int getTagLen() { + return tagBitLen < 0 ? DEFAULT_TAG_LEN : (tagBitLen >> 3); + } + + /** + * a wrapper of OpenSslNative.ctrl(long context, int type, int arg, byte[] data) + * Since native interface EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) is generic, + * it may set/get any native char or long type to the data buffer(ptr). + * Here we use ByteBuffer and set nativeOrder to handle the endianness. + */ + private void evpCipherCtxCtrl(long context, int type, int arg, ByteBuffer bb) { + checkState(); + + try { + if (bb != null) { + bb.order(ByteOrder.nativeOrder()); + OpenSslNative.ctrl(context, type, arg, bb.array()); + } else { + OpenSslNative.ctrl(context, type, arg, null); + } + } catch (Exception e) { + System.out.println(e.getMessage()); + } + } +} http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java b/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java index c73be17..dcaf37a 100644 --- a/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java +++ b/src/main/java/org/apache/commons/crypto/cipher/OpenSslNative.java @@ -6,9 +6,9 @@ * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * + * <p> + * http://www.apache.org/licenses/LICENSE-2.0 + * <p> * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -25,9 +25,9 @@ import java.nio.ByteBuffer; */ class OpenSslNative { - /** - * The private constructor of {@link OpenSslNative}. - */ + /** + * The private constructor of {@link OpenSslNative}. + */ private OpenSslNative() { } @@ -57,7 +57,7 @@ class OpenSslNative { * @return the context address of cipher */ public native static long init(long context, int mode, int alg, - int padding, byte[] key, byte[] iv); + int padding, byte[] key, byte[] iv); /** * Continues a multiple-part encryption/decryption operation. The data is @@ -94,6 +94,23 @@ class OpenSslNative { int maxOutputLength); /** + * Continues a multiple-part encryption/decryption operation. The data is + * encrypted or decrypted, depending on how this cipher was initialized. + * + * @param context The cipher context address + * @param input The input byte array + * @param inputOffset The offset in input where the input starts + * @param inputLength The input length + * @param output The byte buffer for the result + * @param outputOffset The offset in output where the result is stored + * @param maxOutputLength The maximum length for output + * @return The number of bytes stored in output + */ + public native static int updateByteArrayByteBuffer(long context, byte[] input, + int inputOffset, int inputLength, + ByteBuffer output, int outputOffset, int maxOutputLength); + + /** * Finishes a multiple-part operation. The data is encrypted or decrypted, * depending on how this cipher was initialized. * @@ -120,6 +137,23 @@ class OpenSslNative { int offset, int maxOutputLength); /** + * allows various cipher specific parameters to be determined and set. + * + * it will call OpenSSL's API + * int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) + * In OpenSSL, data type of ptr can be char* or long*. Here, we map java's + * byte[] to native void*ptr. Note that the byte order is ByteOrder.nativeOrder. + * + * @param context The cipher context address + * @param type CtrlValues + * @param arg + * @param data byte buffer or null + * @return return 0 if there is any error, else return 1. + */ + public native static int ctrl(long context, int type, int arg, byte[] data); + + + /** * Cleans the context at native. * * @param context The cipher context address http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/java/org/apache/commons/crypto/jna/OpenSslJnaCipher.java ---------------------------------------------------------------------- diff --git a/src/main/java/org/apache/commons/crypto/jna/OpenSslJnaCipher.java b/src/main/java/org/apache/commons/crypto/jna/OpenSslJnaCipher.java index c83f150..01de554 100644 --- a/src/main/java/org/apache/commons/crypto/jna/OpenSslJnaCipher.java +++ b/src/main/java/org/apache/commons/crypto/jna/OpenSslJnaCipher.java @@ -232,6 +232,68 @@ class OpenSslJnaCipher implements CryptoCipher { return doFinal(inputBuf, outputBuf); } + + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the opensslEngine when operating in + * modes such as AEAD (GCM). If this opensslEngine is operating in + * either GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this opensslEngine is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if the implementation {@code opensslEngine} + * doesn't support this operation. + */ + @Override + public void updateAAD(byte[] aad) throws IllegalArgumentException, + IllegalStateException, UnsupportedOperationException { + //TODO: implement GCM mode using Jna + throw new UnsupportedOperationException("This is unsupported in Jna Cipher"); + } + + /** + * Continues a multi-part update of the Additional Authentication + * Data (AAD). + * <p> + * Calls to this method provide AAD to the opensslEngine when operating in + * modes such as AEAD (GCM). If this opensslEngine is operating in + * either GCM mode, all AAD must be supplied before beginning + * operations on the ciphertext (via the {@code update} and + * {@code doFinal} methods). + * + * @param aad the buffer containing the Additional Authentication Data + * + * @throws IllegalArgumentException if the {@code aad} + * byte array is null + * @throws IllegalStateException if this opensslEngine is in a wrong state + * (e.g., has not been initialized), does not accept AAD, or if + * operating in either GCM mode and one of the {@code update} + * methods has already been called for the active + * encryption/decryption operation + * @throws UnsupportedOperationException if the implementation {@code opensslEngine} + * doesn't support this operation. + */ + @Override + public void updateAAD(ByteBuffer aad) throws IllegalArgumentException, + IllegalStateException, UnsupportedOperationException { + //TODO: implement GCM mode using Jna + throw new UnsupportedOperationException("This is unsupported in Jna Cipher"); + } + + + /** * Closes the OpenSSL cipher. Clean the OpenSsl native context. */ http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c ---------------------------------------------------------------------- diff --git a/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c b/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c index 46196e5..078e2f2 100644 --- a/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c +++ b/src/main/native/org/apache/commons/crypto/cipher/OpenSslNative.c @@ -35,6 +35,7 @@ static void (*dlsym_EVP_CIPHER_CTX_free)(EVP_CIPHER_CTX *); static int (*dlsym_EVP_CIPHER_CTX_cleanup)(EVP_CIPHER_CTX *); static void (*dlsym_EVP_CIPHER_CTX_init)(EVP_CIPHER_CTX *); static int (*dlsym_EVP_CIPHER_CTX_set_padding)(EVP_CIPHER_CTX *, int); +static int (*dlsym_EVP_CIPHER_CTX_ctrl)(EVP_CIPHER_CTX *, int, int, void *); static int (*dlsym_EVP_CipherInit_ex)(EVP_CIPHER_CTX *, const EVP_CIPHER *, \ ENGINE *, const unsigned char *, const unsigned char *, int); static int (*dlsym_EVP_CipherUpdate)(EVP_CIPHER_CTX *, unsigned char *, \ @@ -46,6 +47,9 @@ static EVP_CIPHER * (*dlsym_EVP_aes_128_ctr)(void); static EVP_CIPHER * (*dlsym_EVP_aes_256_cbc)(void); static EVP_CIPHER * (*dlsym_EVP_aes_192_cbc)(void); static EVP_CIPHER * (*dlsym_EVP_aes_128_cbc)(void); +static EVP_CIPHER * (*dlsym_EVP_aes_256_gcm)(void); +static EVP_CIPHER * (*dlsym_EVP_aes_192_gcm)(void); +static EVP_CIPHER * (*dlsym_EVP_aes_128_gcm)(void); #endif #ifdef WINDOWS @@ -54,6 +58,7 @@ typedef void (__cdecl *__dlsym_EVP_CIPHER_CTX_free)(EVP_CIPHER_CTX *); typedef int (__cdecl *__dlsym_EVP_CIPHER_CTX_cleanup)(EVP_CIPHER_CTX *); typedef void (__cdecl *__dlsym_EVP_CIPHER_CTX_init)(EVP_CIPHER_CTX *); typedef int (__cdecl *__dlsym_EVP_CIPHER_CTX_set_padding)(EVP_CIPHER_CTX *, int); +typedef int (__cdecl *__dlsym_EVP_CIPHER_CTX_ctrl)(EVP_CIPHER_CTX *, int, int, void *); typedef int (__cdecl *__dlsym_EVP_CipherInit_ex)(EVP_CIPHER_CTX *, \ const EVP_CIPHER *, ENGINE *, const unsigned char *, \ const unsigned char *, int); @@ -67,11 +72,15 @@ typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_128_ctr)(void); typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_256_cbc)(void); typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_192_cbc)(void); typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_128_cbc)(void); +typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_256_gcm)(void); +typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_192_gcm)(void); +typedef EVP_CIPHER * (__cdecl *__dlsym_EVP_aes_128_gcm)(void); static __dlsym_EVP_CIPHER_CTX_new dlsym_EVP_CIPHER_CTX_new; static __dlsym_EVP_CIPHER_CTX_free dlsym_EVP_CIPHER_CTX_free; static __dlsym_EVP_CIPHER_CTX_cleanup dlsym_EVP_CIPHER_CTX_cleanup; static __dlsym_EVP_CIPHER_CTX_init dlsym_EVP_CIPHER_CTX_init; static __dlsym_EVP_CIPHER_CTX_set_padding dlsym_EVP_CIPHER_CTX_set_padding; +static __dlsym_EVP_CIPHER_CTX_ctrl dlsym_EVP_CIPHER_CTX_ctrl; static __dlsym_EVP_CipherInit_ex dlsym_EVP_CipherInit_ex; static __dlsym_EVP_CipherUpdate dlsym_EVP_CipherUpdate; static __dlsym_EVP_CipherFinal_ex dlsym_EVP_CipherFinal_ex; @@ -81,6 +90,9 @@ static __dlsym_EVP_aes_128_ctr dlsym_EVP_aes_128_ctr; static __dlsym_EVP_aes_256_cbc dlsym_EVP_aes_256_cbc; static __dlsym_EVP_aes_192_cbc dlsym_EVP_aes_192_cbc; static __dlsym_EVP_aes_128_cbc dlsym_EVP_aes_128_cbc; +static __dlsym_EVP_aes_256_gcm dlsym_EVP_aes_256_gcm; +static __dlsym_EVP_aes_192_gcm dlsym_EVP_aes_192_gcm; +static __dlsym_EVP_aes_128_gcm dlsym_EVP_aes_128_gcm; #endif #ifdef UNIX @@ -98,6 +110,9 @@ static void loadAes(JNIEnv *env, HMODULE openssl) LOAD_DYNAMIC_SYMBOL(dlsym_EVP_aes_256_cbc, env, openssl, "EVP_aes_256_cbc"); LOAD_DYNAMIC_SYMBOL(dlsym_EVP_aes_192_cbc, env, openssl, "EVP_aes_192_cbc"); LOAD_DYNAMIC_SYMBOL(dlsym_EVP_aes_128_cbc, env, openssl, "EVP_aes_128_cbc"); + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_aes_256_gcm, env, openssl, "EVP_aes_256_gcm"); + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_aes_192_gcm, env, openssl, "EVP_aes_192_gcm"); + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_aes_128_gcm, env, openssl, "EVP_aes_128_gcm"); #endif #ifdef WINDOWS @@ -113,6 +128,12 @@ static void loadAes(JNIEnv *env, HMODULE openssl) env, openssl, "EVP_aes_192_cbc"); LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_aes_128_cbc, dlsym_EVP_aes_128_cbc, \ env, openssl, "EVP_aes_128_cbc"); + LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_aes_256_gcm, dlsym_EVP_aes_256_gcm, \ + env, openssl, "EVP_aes_256_gcm"); + LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_aes_192_gcm, dlsym_EVP_aes_192_gcm, \ + env, openssl, "EVP_aes_192_gcm"); + LOAD_DYNAMIC_SYMBOL(__dlsym_EVP_aes_128_gcm, dlsym_EVP_aes_128_gcm, \ + env, openssl, "EVP_aes_128_gcm"); #endif } @@ -153,6 +174,8 @@ JNIEXPORT void JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_initI "EVP_CIPHER_CTX_init"); LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CIPHER_CTX_set_padding, env, openssl, \ "EVP_CIPHER_CTX_set_padding"); + LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CIPHER_CTX_ctrl, env, openssl, \ + "EVP_CIPHER_CTX_ctrl"); LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CipherInit_ex, env, openssl, \ "EVP_CipherInit_ex"); LOAD_DYNAMIC_SYMBOL(dlsym_EVP_CipherUpdate, env, openssl, \ @@ -195,12 +218,13 @@ JNIEXPORT void JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_initI JNIEXPORT jlong JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_initContext (JNIEnv *env, jclass clazz, jint alg, jint padding) { - if (alg != AES_CTR && alg != AES_CBC) { + if (alg != AES_CTR && alg != AES_CBC && alg != AES_GCM) { THROW(env, "java/security/NoSuchAlgorithmException", NULL); return (jlong)0; } if (!(alg == AES_CTR && padding == NOPADDING) - && !(alg == AES_CBC && (padding == NOPADDING|| padding == PKCS5PADDING))) { + && !(alg == AES_CBC && (padding == NOPADDING|| padding == PKCS5PADDING)) + && !(alg == AES_GCM && padding == NOPADDING)) { THROW(env, "javax/crypto/NoSuchPaddingException", NULL); return (jlong)0; } @@ -219,6 +243,13 @@ JNIEXPORT jlong JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_init return (jlong)0; } + if (dlsym_EVP_aes_256_gcm == NULL || + dlsym_EVP_aes_192_gcm == NULL || dlsym_EVP_aes_128_gcm == NULL) { + THROW(env, "java/security/NoSuchAlgorithmException", \ + "Doesn't support AES GCM."); + return (jlong)0; + } + // Create and initialize a EVP_CIPHER_CTX EVP_CIPHER_CTX *context = dlsym_EVP_CIPHER_CTX_new(); if (!context) { @@ -249,6 +280,14 @@ static EVP_CIPHER * getEvpCipher(int alg, int keyLen) } else if (keyLen == KEY_LENGTH_128) { cipher = dlsym_EVP_aes_128_cbc(); } + } else if (alg == AES_GCM) { + if (keyLen == KEY_LENGTH_256) { + cipher = dlsym_EVP_aes_256_gcm(); + } else if (keyLen == KEY_LENGTH_192) { + cipher = dlsym_EVP_aes_192_gcm(); + } else if (keyLen == KEY_LENGTH_128) { + cipher = dlsym_EVP_aes_128_gcm(); + } } return cipher; } @@ -271,7 +310,7 @@ JNIEXPORT jlong JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_init THROW(env, "java/security/InvalidKeyException", str); goto cleanup; } - if (jIvLen != IV_LENGTH) { + if ((alg != AES_GCM) && (jIvLen != IV_LENGTH)) { THROW(env, "java/security/InvalidAlgorithmParameterException", "Wrong IV length: must be 16 bytes long"); goto cleanup; } @@ -296,13 +335,26 @@ JNIEXPORT jlong JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_init goto cleanup; } - if (!(alg == AES_CTR || alg == AES_CBC)) { + if (!(alg == AES_CTR || alg == AES_CBC || alg == AES_GCM)) { THROW(env, "java/security/NoSuchAlgorithmException", "The algorithm is not supported."); goto cleanup; } + // initialize cipher & mode int rc = dlsym_EVP_CipherInit_ex(context, getEvpCipher(alg, jKeyLen), \ - NULL, (unsigned char *)jKey, (unsigned char *)jIv, mode == ENCRYPT_MODE); + NULL, NULL, NULL, mode == ENCRYPT_MODE); + if (rc == 0) { + THROW(env, "java/lang/InternalError", "Error in EVP_CipherInit_ex."); + goto cleanup; + } + + // Set IV length if default 12 bytes (96 bits) is not appropriate + // Note: set IV length after cipher is initialized, before iv is initialized. + if (alg == AES_GCM) { + rc = dlsym_EVP_CIPHER_CTX_ctrl(context, EVP_CTRL_GCM_SET_IVLEN, jIvLen, NULL); + } + rc = dlsym_EVP_CipherInit_ex(context, NULL, NULL, \ + (unsigned char *)jKey, (unsigned char *)jIv, mode == ENCRYPT_MODE); if (rc == 0) { THROW(env, "java/lang/InternalError", "Error in EVP_CipherInit_ex."); goto cleanup; @@ -394,20 +446,28 @@ JNIEXPORT jint JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_updat jint input_len, jbyteArray output, jint output_offset, jint max_output_len) { EVP_CIPHER_CTX *context = CONTEXT(ctx); - if (!check_update_max_output_len(context, input_len, max_output_len)) { + + // when provide AAD to EVP cipher, output is NULL. + if (output != NULL + && !check_update_max_output_len(context, input_len, max_output_len)) { THROW(env, "javax/crypto/ShortBufferException", \ "Output buffer is not sufficient."); return 0; } + unsigned char *input_bytes = NULL; unsigned char *output_bytes = NULL; int output_len = 0; input_bytes = (unsigned char *) (*env)->GetByteArrayElements(env, input, 0); - output_bytes = (unsigned char *) (*env)->GetByteArrayElements(env, output, 0); - if (input_bytes == NULL || output_bytes == NULL) { + + // output is NULL when updateAAD + if (output != NULL) { + output_bytes = (unsigned char *) (*env)->GetByteArrayElements(env, output, 0); + } + if (input_bytes == NULL || (output != NULL && output_bytes == NULL)) { THROW(env, "java/lang/InternalError", "Cannot get buffer address."); - goto cleanup; + return 0; } int rc = dlsym_EVP_CipherUpdate(context, output_bytes + output_offset, &output_len, \ @@ -429,6 +489,37 @@ cleanup: return output_len; } +JNIEXPORT jint JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_updateByteArrayByteBuffer + (JNIEnv *env, jclass clazz, jlong ctx, jbyteArray input, jint input_offset, + jint input_len, jobject output, jint output_offset, jint max_output_len) +{ + EVP_CIPHER_CTX *context = CONTEXT(ctx); + if (!check_update_max_output_len(context, input_len, max_output_len)) { + THROW(env, "javax/crypto/ShortBufferException", \ + "Output buffer is not sufficient."); + return 0; + } + unsigned char *input_bytes = (unsigned char *) (*env)->GetByteArrayElements(env, input, 0); + unsigned char *output_bytes = (*env)->GetDirectBufferAddress(env, output); + if (input_bytes == NULL || output_bytes == NULL) { + THROW(env, "java/lang/InternalError", "Cannot get buffer address."); + return 0; + } + input_bytes = input_bytes + input_offset; + output_bytes = output_bytes + output_offset; + + int output_len = 0; + if (!dlsym_EVP_CipherUpdate(context, output_bytes, &output_len, \ + input_bytes, input_len)) { + (*env)->ReleaseByteArrayElements(env, input, (jbyte *) input_bytes, 0); + dlsym_EVP_CIPHER_CTX_cleanup(context); + THROW(env, "java/lang/InternalError", "Error in EVP_CipherUpdate."); + return 0; + } + return output_len; +} + + // https://www.openssl.org/docs/crypto/EVP_EncryptInit.html static int check_doFinal_max_output_len(EVP_CIPHER_CTX *context, int max_output_len) @@ -464,8 +555,14 @@ JNIEXPORT jint JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_doFin int output_len = 0; if (!dlsym_EVP_CipherFinal_ex(context, output_bytes, &output_len)) { + // validate tag in GCM mode when decrypt + if ((context->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_GCM_MODE + && context->encrypt == DECRYPT_MODE) { + THROW(env, "javax/crypto/AEADBadTagException", "Tag mismatch!"); + } else { + THROW(env, "java/lang/InternalError", "Error in EVP_CipherFinal_ex."); + } dlsym_EVP_CIPHER_CTX_cleanup(context); - THROW(env, "java/lang/InternalError", "Error in EVP_CipherFinal_ex."); return 0; } return output_len; @@ -493,13 +590,64 @@ JNIEXPORT jint JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_doFin (*env)->ReleaseByteArrayElements(env, output, (jbyte *) output_bytes, 0); if (rc == 0) { - dlsym_EVP_CIPHER_CTX_cleanup(context); + // validate tag in GCM mode when decrypt + if ((context->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_GCM_MODE + && context->encrypt == DECRYPT_MODE) { + THROW(env, "javax/crypto/AEADBadTagException", "Tag mismatch!"); + } else { THROW(env, "java/lang/InternalError", "Error in EVP_CipherFinal_ex."); + } + dlsym_EVP_CIPHER_CTX_cleanup(context); return 0; } return output_len; } +JNIEXPORT jint JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_ctrl + (JNIEnv *env, jclass clazz, jlong ctx, jint type, jint arg, jbyteArray data) +{ + EVP_CIPHER_CTX *context = CONTEXT(ctx); + + int rc = 0; + void *data_ptr = NULL; + if (data != NULL) { + data_ptr = (void*) (*env)->GetByteArrayElements(env, data, 0); + if (data_ptr == NULL) { + THROW(env, "java/lang/InternalError", "Cannot get buffer address."); + return 0; + } + } + + // get/set tag for GCM + if (type == EVP_CTRL_GCM_GET_TAG || type == EVP_CTRL_GCM_SET_TAG) { + if (arg <= 0 || arg > 16) { + THROW(env, "javax/crypto/AEADBadTagException", "TAG_LENGTH_INTERNAL_ERROR"); + goto exit_; + } + if (data == NULL) { + THROW(env, "javax/crypto/AEADBadTagException", "tag is null"); + goto exit_; + } + + unsigned char *tag = (unsigned char*) data_ptr; + rc = dlsym_EVP_CIPHER_CTX_ctrl(context, type, arg, tag); + if (!rc) { + THROW(env, "javax/crypto/AEADBadTagException", "TAG_SET_ERROR or TAG_RETRIEVE_ERROR"); + goto exit_; + } + } else { + THROW(env, "java.lang.UnsupportedOperationException", "Not implemented yet!"); + goto exit_; + } + +exit_: + if (data_ptr != NULL) { + (*env)->ReleaseByteArrayElements(env, data, (jbyte *) data_ptr, 0); + } + return rc; +} + + JNIEXPORT void JNICALL Java_org_apache_commons_crypto_cipher_OpenSslNative_clean (JNIEnv *env, jclass clazz, jlong ctx) { http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/main/native/org/apache/commons/crypto/org_apache_commons_crypto.h ---------------------------------------------------------------------- diff --git a/src/main/native/org/apache/commons/crypto/org_apache_commons_crypto.h b/src/main/native/org/apache/commons/crypto/org_apache_commons_crypto.h index 936cfb3..b980b77 100644 --- a/src/main/native/org/apache/commons/crypto/org_apache_commons_crypto.h +++ b/src/main/native/org/apache/commons/crypto/org_apache_commons_crypto.h @@ -216,12 +216,15 @@ static FARPROC WINAPI do_dlsym(JNIEnv *env, HMODULE handle, LPCSTR symbol) { #define ENCRYPT_MODE 1 #define DECRYPT_MODE 0 -/** Currently only support AES/CTR/NoPadding. */ +/** Currently only support AES/CTR/NoPadding, AES/CBC/NoPadding, AES/CBC/PKCS5Padding, AES/GCM/NoPadding */ #define AES_CTR 0 #define AES_CBC 1 +#define AES_GCM 2 + #define NOPADDING 0 #define PKCS5PADDING 1 + #endif //vim: sw=2: ts=2: et http://git-wip-us.apache.org/repos/asf/commons-crypto/blob/aad8c55a/src/test/java/org/apache/commons/crypto/cipher/OpenSslCipherTest.java ---------------------------------------------------------------------- diff --git a/src/test/java/org/apache/commons/crypto/cipher/OpenSslCipherTest.java b/src/test/java/org/apache/commons/crypto/cipher/OpenSslCipherTest.java index a4cd2c6..4f43a0c 100644 --- a/src/test/java/org/apache/commons/crypto/cipher/OpenSslCipherTest.java +++ b/src/test/java/org/apache/commons/crypto/cipher/OpenSslCipherTest.java @@ -24,6 +24,7 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import javax.crypto.NoSuchPaddingException; import javax.crypto.ShortBufferException; +import javax.crypto.spec.IvParameterSpec; import org.junit.Assert; import org.junit.Assume; @@ -89,7 +90,7 @@ public class OpenSslCipherTest extends AbstractCipherTest { .getInstance("AES/CTR/NoPadding"); Assert.assertNotNull(cipher); - cipher.init(OpenSsl.ENCRYPT_MODE, KEY, IV); + cipher.init(OpenSsl.ENCRYPT_MODE, KEY, new IvParameterSpec(IV)); // Require direct buffers ByteBuffer input = ByteBuffer.allocate(1024); @@ -123,13 +124,14 @@ public class OpenSslCipherTest extends AbstractCipherTest { .getInstance("AES/CTR/NoPadding"); Assert.assertNotNull(cipher); - cipher.init(OpenSsl.ENCRYPT_MODE, KEY, IV); + cipher.init(OpenSsl.ENCRYPT_MODE, KEY, new IvParameterSpec(IV)); // Require direct buffer + ByteBuffer input = ByteBuffer.allocate(1024); ByteBuffer output = ByteBuffer.allocate(1024); try { - cipher.doFinal(output); + cipher.doFinal(input, output); Assert.fail("Output buffer should be direct buffer."); } catch (IllegalArgumentException e) { Assert.assertTrue(e.getMessage().contains( @@ -147,7 +149,7 @@ public class OpenSslCipherTest extends AbstractCipherTest { final byte[] invalidKey = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x11 }; try { - cipher.init(OpenSsl.ENCRYPT_MODE, invalidKey, IV); + cipher.init(OpenSsl.ENCRYPT_MODE, invalidKey, new IvParameterSpec(IV)); Assert.fail("java.security.InvalidKeyException should be thrown."); } catch (Exception e) { Assert.assertTrue(e.getMessage().contains("Invalid AES key length: " + invalidKey.length + " bytes")); @@ -165,7 +167,7 @@ public class OpenSslCipherTest extends AbstractCipherTest { final byte[] invalidIV = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x11 }; try { - cipher.init(OpenSsl.ENCRYPT_MODE, KEY, invalidIV); + cipher.init(OpenSsl.ENCRYPT_MODE, KEY, new IvParameterSpec(invalidIV)); Assert.fail("java.security.InvalidAlgorithmParameterException should be thrown."); } catch (Exception e) { Assert.assertTrue(e.getMessage().contains("Wrong IV length: must be 16 bytes long"));
