Version 1.2.0 is now compatible with Android API Level 16 (Removed use of AEADBadTagException)

overheadhunter · overheadhunter · commit 31cccc9bd825 · 2016-11-07T23:58:58.000+01:00
diff --git a/README.md b/README.md
@@ -14,6 +14,10 @@
 - Defaults on AES, but supports any block cipher with a 128-bit block size.
 - Supports any key sizes that the block cipher supports (e.g. 128/192/256-bit keys for AES)
 - Thread-safe
+- Compatible with Android API Level 16 (since version 1.2.0)
+
+## Audits
+- [Version 1.0.8 audit by Tim McLean](https://www.chosenplaintext.ca/publications/20161104-siv-mode-report.pdf) (Issues fixed with 1.1.0)
 
 ## Usage
 ```java
@@ -37,7 +41,7 @@ public void encryptWithAssociatedData() {
   <dependency>
     <groupId>org.cryptomator</groupId>
     <artifactId>siv-mode</artifactId>
-    <version>1.1.1</version>
+    <version>1.2.0</version>
   </dependency>
 </dependencies>
 ```
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>siv-mode</artifactId>
-	<version>1.1.1</version>
+	<version>1.2.0</version>
 
 	<name>SIV Mode</name>
 	<description>RFC 5297 SIV mode: deterministic authenticated encryption</description>
diff --git a/src/main/java/org/cryptomator/siv/SivMode.java b/src/main/java/org/cryptomator/siv/SivMode.java
@@ -11,7 +11,6 @@
 import java.nio.ByteBuffer;
 import java.util.Arrays;
 
-import javax.crypto.AEADBadTagException;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
 
@@ -159,10 +158,10 @@ public byte[] encrypt(byte[] ctrKey, byte[] macKey, byte[] plaintext, byte[]...
 	 * @param associatedData Optional associated data, which needs to be authenticated during decryption.
 	 * @return Plaintext byte array.
 	 * @throws IllegalArgumentException If keys are invalid or {@link SecretKey#getEncoded()} is not supported.
-	 * @throws AEADBadTagException If the authentication failed, e.g. because ciphertext and/or associatedData are corrupted.
+	 * @throws UnauthenticCiphertextException If the authentication failed, e.g. because ciphertext and/or associatedData are corrupted.
 	 * @throws IllegalBlockSizeException If the provided ciphertext is of invalid length.
 	 */
-	public byte[] decrypt(SecretKey ctrKey, SecretKey macKey, byte[] ciphertext, byte[]... associatedData) throws AEADBadTagException, IllegalBlockSizeException {
+	public byte[] decrypt(SecretKey ctrKey, SecretKey macKey, byte[] ciphertext, byte[]... associatedData) throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] ctrKeyBytes = ctrKey.getEncoded();
 		final byte[] macKeyBytes = macKey.getEncoded();
 		if (ctrKeyBytes == null || macKeyBytes == null) {
@@ -185,10 +184,10 @@ public byte[] decrypt(SecretKey ctrKey, SecretKey macKey, byte[] ciphertext, byt
 	 * @param associatedData Optional associated data, which needs to be authenticated during decryption.
 	 * @return Plaintext byte array.
 	 * @throws IllegalArgumentException If the either of the two keys is of invalid length for the used {@link BlockCipher}.
-	 * @throws AEADBadTagException If the authentication failed, e.g. because ciphertext and/or associatedData are corrupted.
+	 * @throws UnauthenticCiphertextException If the authentication failed, e.g. because ciphertext and/or associatedData are corrupted.
 	 * @throws IllegalBlockSizeException If the provided ciphertext is of invalid length.
 	 */
-	public byte[] decrypt(byte[] ctrKey, byte[] macKey, byte[] ciphertext, byte[]... associatedData) throws AEADBadTagException, IllegalBlockSizeException {
+	public byte[] decrypt(byte[] ctrKey, byte[] macKey, byte[] ciphertext, byte[]... associatedData) throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		if (ciphertext.length < 16) {
 			throw new IllegalBlockSizeException("Input length must be greater than or equal 16.");
 		}
@@ -230,7 +229,7 @@ public byte[] decrypt(byte[] ctrKey, byte[] macKey, byte[] ciphertext, byte[]...
 		if (diff == 0) {
 			return plaintext;
 		} else {
-			throw new AEADBadTagException("authentication in SIV decryption failed");
+			throw new UnauthenticCiphertextException("authentication in SIV decryption failed");
 		}
 	}
 
diff --git a/src/main/java/org/cryptomator/siv/UnauthenticCiphertextException.java b/src/main/java/org/cryptomator/siv/UnauthenticCiphertextException.java
@@ -0,0 +1,14 @@
+package org.cryptomator.siv;
+
+import javax.crypto.BadPaddingException;
+
+/**
+ * Drop-in replacement for {@link javax.crypto.AEADBadTagException}, which is not available on some older Android systems.
+ */
+public class UnauthenticCiphertextException extends BadPaddingException {
+
+	public UnauthenticCiphertextException(String message) {
+		super(message);
+	}
+
+}
diff --git a/src/test/java/org/cryptomator/siv/SivModeBenchmark.java b/src/test/java/org/cryptomator/siv/SivModeBenchmark.java
@@ -11,7 +11,6 @@
 import java.util.Arrays;
 import java.util.concurrent.TimeUnit;
 
-import javax.crypto.AEADBadTagException;
 import javax.crypto.IllegalBlockSizeException;
 
 import org.bouncycastle.crypto.BlockCipher;
@@ -75,7 +74,7 @@ public void shuffleData() {
 	}
 
 	@Benchmark
-	public void benchmarkJce(Blackhole bh) throws AEADBadTagException, IllegalBlockSizeException {
+	public void benchmarkJce(Blackhole bh) throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		byte[] encrypted = jceSivMode.encrypt(encKey, macKey, cleartextData, associatedData);
 		byte[] decrypted = jceSivMode.decrypt(encKey, macKey, encrypted, associatedData);
 		Assert.assertArrayEquals(cleartextData, decrypted);
@@ -84,7 +83,7 @@ public void benchmarkJce(Blackhole bh) throws AEADBadTagException, IllegalBlockS
 	}
 
 	@Benchmark
-	public void benchmarkBcFast(Blackhole bh) throws AEADBadTagException, IllegalBlockSizeException {
+	public void benchmarkBcFast(Blackhole bh) throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		byte[] encrypted = bcFastSivMode.encrypt(encKey, macKey, cleartextData, associatedData);
 		byte[] decrypted = bcFastSivMode.decrypt(encKey, macKey, encrypted, associatedData);
 		Assert.assertArrayEquals(cleartextData, decrypted);
@@ -93,7 +92,7 @@ public void benchmarkBcFast(Blackhole bh) throws AEADBadTagException, IllegalBlo
 	}
 
 	@Benchmark
-	public void benchmarkBcLight(Blackhole bh) throws AEADBadTagException, IllegalBlockSizeException {
+	public void benchmarkBcLight(Blackhole bh) throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		byte[] encrypted = bcLightSivMode.encrypt(encKey, macKey, cleartextData, associatedData);
 		byte[] decrypted = bcLightSivMode.decrypt(encKey, macKey, encrypted, associatedData);
 		Assert.assertArrayEquals(cleartextData, decrypted);
diff --git a/src/test/java/org/cryptomator/siv/SivModeTest.java b/src/test/java/org/cryptomator/siv/SivModeTest.java
@@ -11,7 +11,6 @@
 import java.io.IOException;
 import java.security.InvalidKeyException;
 
-import javax.crypto.AEADBadTagException;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -76,7 +75,7 @@ public BlockCipher create() {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void testDecryptWithInvalidKey1() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testDecryptWithInvalidKey1() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		SecretKey key1 = Mockito.mock(SecretKey.class);
 		Mockito.when(key1.getEncoded()).thenReturn(null);
 		SecretKey key2 = Mockito.mock(SecretKey.class);
@@ -86,7 +85,7 @@ public void testDecryptWithInvalidKey1() throws AEADBadTagException, IllegalBloc
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void testDecryptWithInvalidKey2() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testDecryptWithInvalidKey2() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		SecretKey key1 = Mockito.mock(SecretKey.class);
 		Mockito.when(key1.getEncoded()).thenReturn(new byte[16]);
 		SecretKey key2 = Mockito.mock(SecretKey.class);
@@ -96,7 +95,7 @@ public void testDecryptWithInvalidKey2() throws AEADBadTagException, IllegalBloc
 	}
 
 	@Test(expected = IllegalBlockSizeException.class)
-	public void testDecryptWithInvalidBlockSize() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testDecryptWithInvalidBlockSize() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] dummyKey = new byte[16];
 		final SecretKey ctrKey = new SecretKeySpec(dummyKey, "AES");
 		final SecretKey macKey = new SecretKeySpec(dummyKey, "AES");
@@ -114,7 +113,7 @@ public void testEncryptAssociatedDataLimit() {
 	}
 
 	@Test(expected = IllegalArgumentException.class)
-	public void testDecryptAssociatedDataLimit() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testDecryptAssociatedDataLimit() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] ctrKey = new byte[16];
 		final byte[] macKey = new byte[16];
 		final byte[] plaintext = new byte[80];
@@ -188,7 +187,7 @@ public void testSivEncrypt() {
 	}
 
 	@Test
-	public void testSivDecrypt() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testSivDecrypt() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] macKey = {(byte) 0xff, (byte) 0xfe, (byte) 0xfd, (byte) 0xfc, //
 				(byte) 0xfb, (byte) 0xfa, (byte) 0xf9, (byte) 0xf8, //
 				(byte) 0xf7, (byte) 0xf6, (byte) 0xf5, (byte) 0xf4, //
@@ -224,8 +223,8 @@ public void testSivDecrypt() throws AEADBadTagException, IllegalBlockSizeExcepti
 		Assert.assertArrayEquals(expected, result);
 	}
 
-	@Test(expected = AEADBadTagException.class)
-	public void testSivDecryptWithInvalidKey() throws AEADBadTagException, IllegalBlockSizeException {
+	@Test(expected = UnauthenticCiphertextException.class)
+	public void testSivDecryptWithInvalidKey() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] macKey = {(byte) 0xff, (byte) 0xfe, (byte) 0xfd, (byte) 0xfc, //
 				(byte) 0xfb, (byte) 0xfa, (byte) 0xf9, (byte) 0xf8, //
 				(byte) 0xf7, (byte) 0xf6, (byte) 0xf5, (byte) 0xf4, //
@@ -256,7 +255,7 @@ public void testSivDecryptWithInvalidKey() throws AEADBadTagException, IllegalBl
 	}
 
 	@Test(expected = IllegalBlockSizeException.class)
-	public void testSivDecryptWithInvalidCiphertext() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testSivDecryptWithInvalidCiphertext() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] macKey = {(byte) 0xff, (byte) 0xfe, (byte) 0xfd, (byte) 0xfc, //
 				(byte) 0xfb, (byte) 0xfa, (byte) 0xf9, (byte) 0xf8, //
 				(byte) 0xf7, (byte) 0xf6, (byte) 0xf5, (byte) 0xf4, //
@@ -346,7 +345,7 @@ public void testNonceBasedAuthenticatedEncryption() throws InvalidKeyException {
 	}
 
 	@Test
-	public void testEncryptionAndDecryptionUsingJavaxCryptoApi() throws AEADBadTagException, IllegalBlockSizeException {
+	public void testEncryptionAndDecryptionUsingJavaxCryptoApi() throws UnauthenticCiphertextException, IllegalBlockSizeException {
 		final byte[] dummyKey = new byte[16];
 		final SecretKey ctrKey = new SecretKeySpec(dummyKey, "AES");
 		final SecretKey macKey = new SecretKeySpec(dummyKey, "AES");
@@ -423,7 +422,7 @@ public void testXorend() {
 	}
 
 	@Test
-	public void testGeneratedTestCases() throws IOException, AEADBadTagException, IllegalBlockSizeException {
+	public void testGeneratedTestCases() throws IOException, UnauthenticCiphertextException, IllegalBlockSizeException {
 		final EncryptionTestCase[] allTestCases = EncryptionTestCase.readTestCases();
 
 		// Check that decryption fails if the wrong MAC key is used
@@ -440,7 +439,7 @@ public void testGeneratedTestCases() throws IOException, AEADBadTagException, Il
 			try {
 				new SivMode().decrypt(testCase.getCtrKey(), macKey, testCase.getCiphertext(), testCase.getAssociatedData());
 				Assert.fail();
-			} catch (AEADBadTagException ex) {
+			} catch (UnauthenticCiphertextException ex) {
 				// Test case passed.
 			}
 		}
@@ -460,7 +459,7 @@ public void testGeneratedTestCases() throws IOException, AEADBadTagException, Il
 			try {
 				new SivMode().decrypt(testCase.getCtrKey(), testCase.getMacKey(), ciphertext, testCase.getAssociatedData());
 				Assert.fail();
-			} catch (AEADBadTagException ex) {
+			} catch (UnauthenticCiphertextException ex) {
 				// Test case passed.
 			}
 		}
@@ -486,7 +485,7 @@ public void testGeneratedTestCases() throws IOException, AEADBadTagException, Il
 				try {
 					new SivMode().decrypt(testCase.getCtrKey(), testCase.getMacKey(), testCase.getCiphertext(), ad);
 					Assert.fail();
-				} catch (AEADBadTagException ex) {
+				} catch (UnauthenticCiphertextException ex) {
 					// Test case passed.
 				}
 
@@ -503,7 +502,7 @@ public void testGeneratedTestCases() throws IOException, AEADBadTagException, Il
 				try {
 					new SivMode().decrypt(testCase.getCtrKey(), testCase.getMacKey(), testCase.getCiphertext(), prependedAd);
 					Assert.fail();
-				} catch (AEADBadTagException ex) {
+				} catch (UnauthenticCiphertextException ex) {
 					// Test case passed.
 				}
 
@@ -514,7 +513,7 @@ public void testGeneratedTestCases() throws IOException, AEADBadTagException, Il
 				try {
 					new SivMode().decrypt(testCase.getCtrKey(), testCase.getMacKey(), testCase.getCiphertext(), appendedAd);
 					Assert.fail();
-				} catch (AEADBadTagException ex) {
+				} catch (UnauthenticCiphertextException ex) {
 					// Test case passed.
 				}
 			}
