Using JCE implementation as a default instead of BouncyCastle's AESFastEngine

Author: overheadhunter

src/main/java/org/cryptomator/siv/JceAesBlockCipher.java

@@ -0,0 +1,102 @@
+package org.cryptomator.siv;
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ * 
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ ******************************************************************************/
+
+import java.nio.ByteBuffer;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.ShortBufferException;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.params.KeyParameter;
+
+/**
+ * Adapter class between BouncyCastle's {@link BlockCipher} and JCE's {@link Cipher} API.
+ */
+class JceAesBlockCipher implements BlockCipher {
+
+	private static final String ALG_NAME = "AES";
+	private static final String KEY_DESIGNATION = "AES";
+	private static final String JCE_CIPHER_NAME = "AES/ECB/NoPadding";
+
+	private final Cipher cipher;
+	private Key key;
+	private int opmode;
+
+	public JceAesBlockCipher() {
+		try {
+			this.cipher = Cipher.getInstance(JCE_CIPHER_NAME); // defaults to SunJCE but allows to configure different providers
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
+			throw new IllegalStateException("Every implementation of the Java platform is required to support AES/ECB/NoPadding.");
+		}
+	}
+
+	@Override
+	public void init(boolean forEncryption, CipherParameters params) throws IllegalArgumentException {
+		if (params instanceof KeyParameter) {
+			init(forEncryption, (KeyParameter) params);
+		} else {
+			throw new IllegalArgumentException("Invalid or missing parameter of type KeyParameter.");
+		}
+	}
+
+	private void init(boolean forEncryption, KeyParameter keyParam) throws IllegalArgumentException {
+		this.key = new SecretKeySpec(keyParam.getKey(), KEY_DESIGNATION);
+		this.opmode = forEncryption ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE;
+		try {
+			cipher.init(opmode, key);
+		} catch (InvalidKeyException e) {
+			throw new IllegalArgumentException("Invalid key.", e);
+		}
+	}
+
+	@Override
+	public String getAlgorithmName() {
+		return ALG_NAME;
+	}
+
+	@Override
+	public int getBlockSize() {
+		return cipher.getBlockSize();
+	}
+
+	@Override
+	public int processBlock(byte[] in, int inOff, byte[] out, int outOff) throws DataLengthException, IllegalStateException {
+		if (in.length - inOff < getBlockSize()) {
+			throw new DataLengthException("Insufficient data in 'in'.");
+		}
+		ByteBuffer inBuf = ByteBuffer.wrap(in, inOff, getBlockSize());
+		ByteBuffer outBuf = ByteBuffer.wrap(out, outOff, out.length - outOff);
+		try {
+			return cipher.update(inBuf, outBuf);
+		} catch (ShortBufferException e) {
+			throw new DataLengthException("Insufficient space in 'out'.");
+		}
+	}
+
+	@Override
+	public void reset() {
+		if (key == null) {
+			return; // no-op if init has not been called yet.
+		}
+		try {
+			cipher.init(opmode, key);
+		} catch (InvalidKeyException e) {
+			throw new IllegalStateException("cipher.init(...) already invoked successfully earlier with same parameters.");
+		}
+	}
+
+}

src/main/java/org/cryptomator/siv/SivMode.java

@@ -18,7 +18,6 @@
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.CipherParameters;
 import org.bouncycastle.crypto.Mac;
-import org.bouncycastle.crypto.engines.AESFastEngine;
 import org.bouncycastle.crypto.engines.AESLightEngine;
 import org.bouncycastle.crypto.macs.CMac;
 import org.bouncycastle.crypto.paddings.ISO7816d4Padding;
@@ -35,7 +34,7 @@ public final class SivMode {
 	private final BlockCipherFactory cipherFactory;
 
 	/**
-	 * Creates an AES-SIV instance using BouncyCastle's {@link AESFastEngine}, which should normally be the best choice.<br>
+	 * Creates an AES-SIV instance using JCE's cipher implementation, which should normally be the best choice.<br>
 	 * 
 	 * For embedded systems, you might want to consider using {@link #SivMode(BlockCipherFactory)} with {@link AESLightEngine} instead.
 	 * 
@@ -46,7 +45,7 @@ public SivMode() {
 
 			@Override
 			public BlockCipher create() {
-				return new AESFastEngine();
+				return new JceAesBlockCipher();
 			}
 
 		});

src/test/java/org/cryptomator/siv/JceAesBlockCipherTest.java

@@ -0,0 +1,125 @@
+package org.cryptomator.siv;
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ * 
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ ******************************************************************************/
+
+import org.bouncycastle.crypto.DataLengthException;
+import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.junit.Assert;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+public class JceAesBlockCipherTest {
+
+	@Rule
+	public final ExpectedException thrown = ExpectedException.none();
+
+	@Test
+	public void testInitWithNullParam() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		thrown.expect(IllegalArgumentException.class);
+		thrown.expectMessage("missing parameter of type KeyParameter");
+		cipher.init(true, null);
+	}
+
+	@Test
+	public void testInitWithMissingKey() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		thrown.expect(IllegalArgumentException.class);
+		thrown.expectMessage("missing parameter of type KeyParameter");
+		cipher.init(true, new AsymmetricKeyParameter(true));
+	}
+
+	@Test
+	public void testInitWithInvalidKey() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		thrown.expect(IllegalArgumentException.class);
+		thrown.expectMessage("Invalid key");
+		cipher.init(true, new KeyParameter(new byte[7]));
+	}
+
+	@Test
+	public void testInitForEncryption() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.init(true, new KeyParameter(new byte[16]));
+	}
+
+	@Test
+	public void testInitForDecryption() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.init(false, new KeyParameter(new byte[16]));
+	}
+
+	@Test
+	public void testGetAlgorithmName() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		Assert.assertEquals("AES", cipher.getAlgorithmName());
+	}
+
+	@Test
+	public void testGetBlockSize() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		Assert.assertEquals(16, cipher.getBlockSize());
+	}
+
+	@Test
+	public void testProcessBlockWithUninitializedCipher() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		thrown.expect(IllegalStateException.class);
+		cipher.processBlock(new byte[16], 0, new byte[16], 0);
+	}
+
+	@Test
+	public void testProcessBlockWithUnsufficientInput() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.init(true, new KeyParameter(new byte[16]));
+		thrown.expect(DataLengthException.class);
+		thrown.expectMessage("Insufficient data in 'in'");
+		cipher.processBlock(new byte[16], 1, new byte[16], 0);
+	}
+
+	@Test
+	public void testProcessBlockWithUnsufficientOutput() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.init(true, new KeyParameter(new byte[16]));
+		thrown.expect(DataLengthException.class);
+		thrown.expectMessage("Insufficient space in 'out'");
+		cipher.processBlock(new byte[16], 0, new byte[16], 1);
+	}
+
+	@Test
+	public void testProcessBlock() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.init(true, new KeyParameter(new byte[16]));
+		byte[] ciphertext = new byte[16];
+		int encrypted = cipher.processBlock(new byte[20], 0, ciphertext, 0);
+		Assert.assertEquals(16, encrypted);
+
+		cipher.init(false, new KeyParameter(new byte[16]));
+		byte[] cleartext = new byte[16];
+		int decrypted = cipher.processBlock(ciphertext, 0, cleartext, 0);
+		Assert.assertEquals(16, decrypted);
+		Assert.assertArrayEquals(new byte[16], cleartext);
+	}
+
+	@Test
+	public void testResetBeforeInitDoesNotThrowExceptions() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.reset();
+	}
+
+	@Test
+	public void testResetAfterInitDoesNotThrowExceptions() {
+		JceAesBlockCipher cipher = new JceAesBlockCipher();
+		cipher.init(true, new KeyParameter(new byte[16]));
+		cipher.reset();
+	}
+
+}