Skip to content

Commit

Permalink
Merge pull request #261 from pshipton/merge0.41
Browse files Browse the repository at this point in the history 
Merge latest OpenJ9 changes to 0.41
  • Loading branch information
@JasonFengJ9
JasonFengJ9 authored Sep 13, 2023
2 parents 3efcafc + b5abce7 commit 3525368
Show file tree
Hide file tree
Showing 7 changed files with 379 additions and 328 deletions.
2 changes: 1 addition & 1 deletion closed/autoconf/custom-hook.m4
View file
Original file line number Diff line number Diff line change
Expand Up @@ -353,7 +353,7 @@ AC_DEFUN([OPENJ9_CONFIGURE_CRIU_SUPPORT],
AC_MSG_RESULT([no (explicitly disabled)])
elif test "x$enable_criu_support" = x ; then
case "$OPENJ9_PLATFORM_CODE" in
xa64|xr64|xz64)
xa64|xl64|xr64|xz64)
AC_MSG_RESULT([yes (default)])
OPENJ9_ENABLE_CRIU_SUPPORT=true
;;
Expand Down
111 changes: 94 additions & 17 deletions closed/src/java.base/share/classes/com/sun/crypto/provider/NativeGaloisCounterMode.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,31 +24,45 @@
*/
/*
* ===========================================================================
* (c) Copyright IBM Corp. 2018, 2021 All Rights Reserved
* (c) Copyright IBM Corp. 2018, 2023 All Rights Reserved
* ===========================================================================
*/

package com.sun.crypto.provider;

import java.util.Arrays;
import java.io.*;
import java.security.*;
import javax.crypto.*;
import com.sun.crypto.provider.AESCrypt;
import sun.security.jca.JCAUtil;
import sun.security.util.ArrayUtil;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.ref.Cleaner;
import java.nio.ByteBuffer;
import java.security.AlgorithmParameters;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidParameterSpecException;
import java.nio.ByteBuffer;
import jdk.crypto.jniprovider.NativeCrypto;
import java.util.Arrays;

import sun.nio.ch.DirectBuffer;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.VarHandle;
import java.nio.ByteOrder;
import javax.crypto.AEADBadTagException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.CipherSpi;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.ShortBufferException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.GCMParameterSpec;

import jdk.crypto.jniprovider.NativeCrypto;
import jdk.internal.ref.CleanerFactory;

import sun.security.jca.JCAUtil;
import sun.security.util.ArrayUtil;

/**
* This class represents ciphers in GaloisCounter (GCM) mode.
*
Expand All @@ -68,6 +82,7 @@ abstract class NativeGaloisCounterMode extends CipherSpi {

private byte[] key;
private boolean encryption = true;
private final long context;

private static final int DEFAULT_TAG_LEN = 16; // in bytes
private static final int DEFAULT_IV_LEN = 12; // in bytes
Expand Down Expand Up @@ -97,10 +112,35 @@ abstract class NativeGaloisCounterMode extends CipherSpi {
byte[] lastKey = EMPTY_BUF;
byte[] lastIv = EMPTY_BUF;

private boolean newIVLen;
private boolean newKeyLen;

byte[] iv;
SecureRandom random;

private static final NativeCrypto nativeCrypto = NativeCrypto.getNativeCrypto();
private static final Cleaner contextCleaner = CleanerFactory.cleaner();

private static final class GCMCleanerRunnable implements Runnable {
private final long nativeContext;

public GCMCleanerRunnable(long nativeContext) {
this.nativeContext = nativeContext;
}

@Override
public void run() {
/*
* Release the GCM context.
*/
synchronized (NativeGaloisCounterMode.class) {
long ret = nativeCrypto.DestroyContext(nativeContext);
if (ret == -1) {
throw new ProviderException("Error in destroying context in NativeGaloisCounterMode.");
}
}
}
}

/*
* Constructor
Expand All @@ -109,6 +149,12 @@ abstract class NativeGaloisCounterMode extends CipherSpi {
tagLenBytes = DEFAULT_TAG_LEN;
blockCipher = embeddedCipher;
this.keySize = keySize;

context = nativeCrypto.CreateContext();
if (context == -1) {
throw new ProviderException("Error in creating context for NativeGaloisCounterMode.");
}
contextCleaner.register(this, new GCMCleanerRunnable(context));
}

/**
Expand Down Expand Up @@ -145,6 +191,19 @@ void init(int opmode, Key key, GCMParameterSpec spec)
}
this.key = keyValue.clone();

/*
* Check whether cipher and IV need to be set,
* whether because something changed here or
* a call to set them in context hasn't been
* made yet.
*/
if (lastIv.length != this.iv.length) {
newIVLen = true;
}
if (lastKey.length != this.key.length) {
newKeyLen = true;
}

// Check for reuse
if (encryption) {
if (MessageDigest.isEqual(keyValue, lastKey) &&
Expand Down Expand Up @@ -767,17 +826,25 @@ public int doFinal(byte[] in, int inOfs, int inLen, byte[] out,
byte[] aad = ((aadBuffer == null) || (aadBuffer.size() == 0)) ? EMPTY_BUF : aadBuffer.toByteArray();
aadBuffer = null;

ret = nativeCrypto.GCMEncrypt(key, key.length,
ret = nativeCrypto.GCMEncrypt(context,
key, key.length,
iv, iv.length,
in, inOfs, inLen,
out, outOfs,
aad, aad.length, localTagLenBytes);
aad, aad.length,
localTagLenBytes,
newIVLen,
newKeyLen);
}

if (ret == -1) {
throw new ProviderException("Error in Native GaloisCounterMode");
}

/* Cipher and IV length were set, since call to GCMEncrypt succeeded. */
newKeyLen = false;
newIVLen = false;

reInit = true;
return inLen + localTagLenBytes;
}
Expand Down Expand Up @@ -960,17 +1027,27 @@ public int doFinal(byte[] in, int inOfs, int inLen, byte[] out,
inOfs = 0;
inLen = in.length;
ibuffer.reset();
ret = nativeCrypto.GCMDecrypt(key, key.length,

ret = nativeCrypto.GCMDecrypt(context,
key, key.length,
iv, iv.length,
in, inOfs, inLen,
out, outOfs,
aad, aad.length, tagLenBytes);
aad, aad.length,
tagLenBytes,
newIVLen,
newKeyLen);
}
if (ret == -2) {
throw new AEADBadTagException("Tag mismatch!");
} else if (ret == -1) {
throw new ProviderException("Error in Native GaloisCounterMode");
}

/* Cipher and IV length were set, since call to GCMDecrypt succeeded. */
newKeyLen = false;
newIVLen = false;

return ret;
}

Expand Down
16 changes: 11 additions & 5 deletions closed/src/java.base/share/classes/jdk/crypto/jniprovider/NativeCrypto.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,7 @@ public final native int DigestComputeAndReset(long context,

public final native int DigestReset(long context);

/* Native interfaces shared by CBC and ChaCha20 */
/* Native interfaces shared by CBC, ChaCha20 and GCM. */

public final native long CreateContext();

Expand Down Expand Up @@ -252,7 +252,8 @@ public final native int CBCFinalEncrypt(long context,

/* Native GCM interfaces */

public final native int GCMEncrypt(byte[] key,
public final native int GCMEncrypt(long context,
byte[] key,
int keylen,
byte[] iv,
int ivlen,
Expand All @@ -263,9 +264,12 @@ public final native int GCMEncrypt(byte[] key,
int outOffset,
byte[] aad,
int aadLen,
int tagLen);
int tagLen,
boolean newIVLen,
boolean newKeyLen);

public final native int GCMDecrypt(byte[] key,
public final native int GCMDecrypt(long context,
byte[] key,
int keylen,
byte[] iv,
int ivlen,
Expand All @@ -276,7 +280,9 @@ public final native int GCMDecrypt(byte[] key,
int outOffset,
byte[] aad,
int aadLen,
int tagLen);
int tagLen,
boolean newIVLen,
boolean newKeyLen);

/* Native RSA interfaces */

Expand Down
Loading

0 comments on commit 3525368

Please sign in to comment.