1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one or more 3 * contributor license agreements. See the NOTICE file distributed with 4 * this work for additional information regarding copyright ownership. 5 * The ASF licenses this file to You under the Apache License, Version 2.0 6 * (the "License"); you may not use this file except in compliance with 7 * the License. You may obtain a copy of the License at 8 * 9 * http://www.apache.org/licenses/LICENSE-2.0 10 * 11 * Unless required by applicable law or agreed to in writing, software 12 * distributed under the License is distributed on an "AS IS" BASIS, 13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 * See the License for the specific language governing permissions and 15 * limitations under the License. 16 */ 17 18 package org.conscrypt; 19 20 import javax.crypto.Cipher; 21 22 /** 23 * This abstract class is a base for Record Protocol operating environmet 24 * of different SSL protocol versions. 25 */ 26 public abstract class ConnectionState { 27 28 /** 29 * The cipher used for encode operations 30 */ 31 protected Cipher encCipher; 32 33 /** 34 * The cipher used for decode operations 35 */ 36 protected Cipher decCipher; 37 38 /** 39 * The block size, or zero if not a block cipher 40 */ 41 protected int block_size; 42 43 /** 44 * The size of MAC used under this connection state 45 */ 46 protected int hash_size; 47 48 /** 49 * Write sequence number which is incremented after each 50 * encrypt call 51 */ 52 protected final byte[] write_seq_num = {0, 0, 0, 0, 0, 0, 0, 0}; 53 54 /** 55 * Read sequence number which is incremented after each 56 * decrypt call 57 */ 58 protected final byte[] read_seq_num = {0, 0, 0, 0, 0, 0, 0, 0}; 59 60 protected Logger.Stream logger = Logger.getStream("conn_state"); 61 62 /** 63 * Returns the minimal possible size of the 64 * Generic[Stream|Block]Cipher structure under this 65 * connection state. 66 */ 67 protected int getMinFragmentSize() { 68 // block ciphers return value with padding included 69 return encCipher.getOutputSize(1+hash_size); // 1 byte for data 70 } 71 72 /** 73 * Returns the size of the Generic[Stream|Block]Cipher structure 74 * corresponding to the content data of specified size. 75 */ 76 protected int getFragmentSize(int content_size) { 77 return encCipher.getOutputSize(content_size+hash_size); 78 } 79 80 /** 81 * Returns the minimal upper bound of the content size enclosed 82 * into the Generic[Stream|Block]Cipher structure of specified size. 83 * For stream ciphers the returned value will be exact value. 84 */ 85 protected int getContentSize(int generic_cipher_size) { 86 //it does not take the padding of block ciphered structures 87 //into account (so returned value can be greater than actual) 88 return decCipher.getOutputSize(generic_cipher_size)-hash_size; 89 } 90 91 /** 92 * Returns the number of bytes of padding required to round the 93 * content up to the required block size. Assumes power of two 94 * block size. 95 */ 96 protected int getPaddingSize(int content_size) { 97 int mask = block_size - 1; 98 return (block_size - (content_size & mask)); 99 } 100 101 /** 102 * Creates the GenericStreamCipher or GenericBlockCipher 103 * data structure for specified data of specified type. 104 * @param type - the ContentType of the provided data 105 * @param fragment - the byte array containing the 106 * data to be encrypted under the current connection state. 107 */ 108 protected byte[] encrypt(byte type, byte[] fragment) { 109 return encrypt(type, fragment, 0, fragment.length); 110 } 111 112 /** 113 * Creates the GenericStreamCipher or GenericBlockCipher 114 * data structure for specified data of specified type. 115 * @param type - the ContentType of the provided data 116 * @param fragment - the byte array containing the 117 * data to be encrypted under the current connection state. 118 * @param offset - the offset from which the data begins with. 119 * @param len - the length of the data. 120 */ 121 protected abstract byte[] encrypt 122 (byte type, byte[] fragment, int offset, int len); 123 124 /** 125 * Retrieves the fragment of the Plaintext structure of 126 * the specified type from the provided data. 127 * @param type - the ContentType of the data to be decrypted. 128 * @param fragment - the byte array containing the 129 * data to be encrypted under the current connection state. 130 */ 131 protected byte[] decrypt(byte type, byte[] fragment) { 132 return decrypt(type, fragment, 0, fragment.length); 133 } 134 135 /** 136 * Retrieves the fragment of the Plaintext structure of 137 * the specified type from the provided data. 138 * @param type - the ContentType of the data to be decrypted. 139 * @param fragment - the byte array containing the 140 * data to be encrypted under the current connection state. 141 * @param offset - the offset from which the data begins with. 142 * @param len - the length of the data. 143 */ 144 protected abstract byte[] decrypt 145 (byte type, byte[] fragment, int offset, int len); 146 147 /** 148 * Increments the sequence number. 149 */ 150 protected static void incSequenceNumber(byte[] seq_num) { 151 int octet = 7; 152 while (octet >= 0) { 153 seq_num[octet] ++; 154 if (seq_num[octet] == 0) { 155 // characteristic overflow, so 156 // carrying a number in adding 157 octet --; 158 } else { 159 return; 160 } 161 } 162 } 163 164 /** 165 * Shutdownes the protocol. It will be impossiblke to use the instance 166 * after the calling of this method. 167 */ 168 protected void shutdown() { 169 encCipher = null; 170 decCipher = null; 171 for (int i=0; i<write_seq_num.length; i++) { 172 write_seq_num[i] = 0; 173 read_seq_num[i] = 0; 174 } 175 } 176 } 177 178
