예제 #1
0
  public byte[] encodePlaintext(short type, byte[] plaintext, int offset, int len) {
    int blocksize = encryptCipher.getBlockSize();
    int padding_length = blocksize - 1 - ((len + writeMac.getSize()) % blocksize);

    boolean isTls =
        context.getServerVersion().getFullVersion() >= ProtocolVersion.TLSv10.getFullVersion();

    if (isTls) {
      // Add a random number of extra blocks worth of padding
      int maxExtraPadBlocks = (255 - padding_length) / blocksize;
      int actualExtraPadBlocks = chooseExtraPadBlocks(context.getSecureRandom(), maxExtraPadBlocks);
      padding_length += actualExtraPadBlocks * blocksize;
    }

    int totalsize = len + writeMac.getSize() + padding_length + 1;
    byte[] outbuf = new byte[totalsize];
    System.arraycopy(plaintext, offset, outbuf, 0, len);
    byte[] mac = writeMac.calculateMac(type, plaintext, offset, len);
    System.arraycopy(mac, 0, outbuf, len, mac.length);
    int paddoffset = len + mac.length;
    for (int i = 0; i <= padding_length; i++) {
      outbuf[i + paddoffset] = (byte) padding_length;
    }
    for (int i = 0; i < totalsize; i += blocksize) {
      encryptCipher.processBlock(outbuf, i, outbuf, i);
    }
    return outbuf;
  }
예제 #2
0
  protected int checkPaddingConstantTime(byte[] buf, int off, int len, int blockSize, int macSize) {
    int end = off + len;
    byte lastByte = buf[end - 1];
    int padlen = lastByte & 0xff;
    int totalPad = padlen + 1;

    int dummyIndex = 0;
    byte padDiff = 0;

    boolean isTls =
        context.getServerVersion().getFullVersion() >= ProtocolVersion.TLSv10.getFullVersion();

    if ((!isTls && totalPad > blockSize) || (macSize + totalPad > len)) {
      totalPad = 0;
    } else {
      int padPos = end - totalPad;
      do {
        padDiff |= (buf[padPos++] ^ lastByte);
      } while (padPos < end);

      dummyIndex = totalPad;

      if (padDiff != 0) {
        totalPad = 0;
      }
    }

    // Run some extra dummy checks so the number of checks is always constant
    {
      byte[] dummyPad = randomData;
      while (dummyIndex < 256) {
        padDiff |= (dummyPad[dummyIndex++] ^ lastByte);
      }
      // Ensure the above loop is not eliminated
      dummyPad[0] ^= padDiff;
    }

    return totalPad;
  }