| /* |
| * Copyright (C) 2012 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package android.content.pm; |
| |
| import java.io.FilterInputStream; |
| import java.io.IOException; |
| import java.io.InputStream; |
| |
| import javax.crypto.Mac; |
| |
| /** |
| * An input stream filter that applies a MAC to the data passing through it. At |
| * the end of the data that should be authenticated, the tag can be calculated. |
| * After that, the stream should not be used. |
| * |
| * @hide |
| */ |
| public class MacAuthenticatedInputStream extends FilterInputStream { |
| private final Mac mMac; |
| |
| public MacAuthenticatedInputStream(InputStream in, Mac mac) { |
| super(in); |
| |
| mMac = mac; |
| } |
| |
| public boolean isTagEqual(byte[] tag) { |
| final byte[] actualTag = mMac.doFinal(); |
| |
| if (tag == null || actualTag == null || tag.length != actualTag.length) { |
| return false; |
| } |
| |
| /* |
| * Attempt to prevent timing attacks by doing the same amount of work |
| * whether the first byte matches or not. Do not change this to a loop |
| * that exits early when a byte does not match. |
| */ |
| int value = 0; |
| for (int i = 0; i < tag.length; i++) { |
| value |= tag[i] ^ actualTag[i]; |
| } |
| |
| return value == 0; |
| } |
| |
| @Override |
| public int read() throws IOException { |
| final int b = super.read(); |
| if (b >= 0) { |
| mMac.update((byte) b); |
| } |
| return b; |
| } |
| |
| @Override |
| public int read(byte[] buffer, int offset, int count) throws IOException { |
| int numRead = super.read(buffer, offset, count); |
| if (numRead > 0) { |
| mMac.update(buffer, offset, numRead); |
| } |
| return numRead; |
| } |
| } |