Allow for providing a JCE provider in JceAesBlockCipher

This refactors JceAesBlockCipher and SivMode to accept, next to
the no-arg const, a single arg constructor accepting a jce provider, but
still using the default AES implementation.

Bonus: Visibility of JceAesBlockCipher const fixed to reflect the class
 visibility and typo fixed in JceAesBlockCipherTest

refs #10

Author: patrickfav

src/main/java/org/cryptomator/siv/JceAesBlockCipher.java

@@ -3,14 +3,15 @@
  * Copyright (c) 2016 Sebastian Stenzel
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
- * 
+ *
  * Contributors:
  *     Sebastian Stenzel - initial API and implementation
  ******************************************************************************/
 
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
 
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
@@ -24,12 +25,12 @@
 
 /**
  * Adapter class between BouncyCastle's {@link BlockCipher} and JCE's {@link Cipher} API.
- * 
+ *
  * <p>
  * As per contract of {@link BlockCipher#processBlock(byte[], int, byte[], int)}, this class is designed to encrypt or decrypt just <b>one single block</b> at a time.
  * JCE doesn't allow us to retrieve the plain cipher without a mode, so we explicitly request {@value #SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME}.
  * This is by design, because we want the plain cipher for a single 128 bit block without any mode. We're not actually using ECB mode.
- * 
+ *
  * <p>
  * This is a package-private class only used to encrypt the 128 bit counter during SIV mode.
  */
@@ -43,9 +44,17 @@ final class JceAesBlockCipher implements BlockCipher {
 	private Key key;
 	private int opmode;
 
-	public JceAesBlockCipher() {
+	JceAesBlockCipher() {
+        this(null);
+    }
+
+	JceAesBlockCipher(Provider provider) {
 		try {
-			this.cipher = Cipher.getInstance(SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME); // defaults to SunJCE but allows to configure different providers
+			if(provider != null) {
+				this.cipher = Cipher.getInstance(SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME, provider);
+			} else {
+				this.cipher = Cipher.getInstance(SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME); // defaults to SunJCE
+			}
 		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
 			throw new IllegalStateException("Every implementation of the Java platform is required to support AES/ECB/NoPadding.");
 		}

src/main/java/org/cryptomator/siv/SivMode.java

@@ -9,6 +9,7 @@
  ******************************************************************************/
 
 import java.nio.ByteBuffer;
+import java.security.Provider;
 import java.util.Arrays;
 
 import javax.crypto.IllegalBlockSizeException;
@@ -40,11 +41,24 @@ public final class SivMode {
 	 * @see #SivMode(BlockCipherFactory)
 	 */
 	public SivMode() {
+		this((Provider) null);
+	}
+
+	/**
+	 * Creates an AES-SIV instance using a custom JCE's security provider<br>
+	 *
+	 * For embedded systems, you might want to consider using {@link #SivMode(BlockCipherFactory)} with {@link AESLightEngine} instead.
+	 *
+	 * @param jceSecurityProvider to use to create the internal {@link javax.crypto.Cipher} instance
+	 *
+	 * @see #SivMode(BlockCipherFactory)
+	 */
+	public SivMode(final Provider jceSecurityProvider) {
 		this(new BlockCipherFactory() {
 
 			@Override
 			public BlockCipher create() {
-				return new JceAesBlockCipher();
+				return new JceAesBlockCipher(jceSecurityProvider);
 			}
 
 		});

src/test/java/org/cryptomator/siv/JceAesBlockCipherTest.java

@@ -3,7 +3,7 @@
  * Copyright (c) 2016 Sebastian Stenzel
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
- * 
+ *
  * Contributors:
  *     Sebastian Stenzel - initial API and implementation
  ******************************************************************************/
@@ -16,6 +16,9 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
+import java.security.Provider;
+import java.security.Security;
+
 public class JceAesBlockCipherTest {
 
 	@Rule
@@ -51,13 +54,31 @@ public void testInitForEncryption() {
 		cipher.init(true, new KeyParameter(new byte[16]));
 	}
 
+	@Test
+	public void testInitForEncryptionWithProvider() {
+        JceAesBlockCipher cipher = new JceAesBlockCipher(getSunJceProvider());
+		cipher.init(true, new KeyParameter(new byte[16]));
+	}
+
 	@Test
 	public void testInitForDecryption() {
 		JceAesBlockCipher cipher = new JceAesBlockCipher();
 		cipher.init(false, new KeyParameter(new byte[16]));
 	}
 
 	@Test
+	public void testInitForDecryptionWithProvider() {
+        JceAesBlockCipher cipher = new JceAesBlockCipher(getSunJceProvider());
+		cipher.init(false, new KeyParameter(new byte[16]));
+	}
+
+    private Provider getSunJceProvider() {
+        Provider provider = Security.getProvider("SunJCE");
+        Assert.assertNotNull(provider);
+        return provider;
+    }
+
+    @Test
 	public void testGetAlgorithmName() {
 		JceAesBlockCipher cipher = new JceAesBlockCipher();
 		Assert.assertEquals("AES", cipher.getAlgorithmName());
@@ -77,7 +98,7 @@ public void testProcessBlockWithUninitializedCipher() {
 	}
 
 	@Test
-	public void testProcessBlockWithUnsufficientInput() {
+	public void testProcessBlockWithInsufficientInput() {
 		JceAesBlockCipher cipher = new JceAesBlockCipher();
 		cipher.init(true, new KeyParameter(new byte[16]));
 		thrown.expect(DataLengthException.class);
@@ -86,7 +107,7 @@ public void testProcessBlockWithUnsufficientInput() {
 	}
 
 	@Test
-	public void testProcessBlockWithUnsufficientOutput() {
+	public void testProcessBlockWithInsufficientOutput() {
 		JceAesBlockCipher cipher = new JceAesBlockCipher();
 		cipher.init(true, new KeyParameter(new byte[16]));
 		thrown.expect(DataLengthException.class);
@@ -96,20 +117,28 @@ public void testProcessBlockWithUnsufficientOutput() {
 
 	@Test
 	public void testProcessBlock() {
-		JceAesBlockCipher cipher = new JceAesBlockCipher();
-		cipher.init(true, new KeyParameter(new byte[16]));
-		byte[] ciphertext = new byte[16];
-		int encrypted = cipher.processBlock(new byte[20], 0, ciphertext, 0);
-		Assert.assertEquals(16, encrypted);
-
-		cipher.init(false, new KeyParameter(new byte[16]));
-		byte[] cleartext = new byte[16];
-		int decrypted = cipher.processBlock(ciphertext, 0, cleartext, 0);
-		Assert.assertEquals(16, decrypted);
-		Assert.assertArrayEquals(new byte[16], cleartext);
-	}
-
-	@Test
+        testProcessBlock(new JceAesBlockCipher());
+    }
+
+    @Test
+    public void testProcessBlockWithProvider() {
+        testProcessBlock(new JceAesBlockCipher(getSunJceProvider()));
+    }
+
+    private void testProcessBlock(JceAesBlockCipher cipher) {
+        cipher.init(true, new KeyParameter(new byte[16]));
+        byte[] ciphertext = new byte[16];
+        int encrypted = cipher.processBlock(new byte[20], 0, ciphertext, 0);
+        Assert.assertEquals(16, encrypted);
+
+        cipher.init(false, new KeyParameter(new byte[16]));
+        byte[] cleartext = new byte[16];
+        int decrypted = cipher.processBlock(ciphertext, 0, cleartext, 0);
+        Assert.assertEquals(16, decrypted);
+        Assert.assertArrayEquals(new byte[16], cleartext);
+    }
+
+    @Test
 	public void testResetBeforeInitDoesNotThrowExceptions() {
 		JceAesBlockCipher cipher = new JceAesBlockCipher();
 		cipher.reset();

src/test/java/org/cryptomator/siv/SivModeTest.java

@@ -10,6 +10,8 @@
 
 import java.io.IOException;
 import java.security.InvalidKeyException;
+import java.security.Provider;
+import java.security.Security;
 
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.SecretKey;
@@ -141,6 +143,9 @@ public void testGenerateKeyStream1() {
 
 		final byte[] result = new SivMode().generateKeyStream(ctrKey, ctr, 1);
 		Assert.assertArrayEquals(expected, result);
+
+		final byte[] resultProvider = new SivMode(getSunJceProvider()).generateKeyStream(ctrKey, ctr, 1);
+		Assert.assertArrayEquals(expected, resultProvider);
 	}
 
 	// CTR-AES https://tools.ietf.org/html/rfc5297#appendix-A.2
@@ -199,6 +204,9 @@ public void testS2v() {
 
 		final byte[] result = new SivMode().s2v(macKey, plaintext, ad);
 		Assert.assertArrayEquals(expected, result);
+
+		final byte[] resultProvider = new SivMode(getSunJceProvider()).s2v(macKey, plaintext, ad);
+		Assert.assertArrayEquals(expected, resultProvider);
 	}
 
 	@Test
@@ -584,4 +592,9 @@ public void testGeneratedTestCases() throws IOException, UnauthenticCiphertextEx
 		}
 	}
 
+	private Provider getSunJceProvider() {
+		Provider provider = Security.getProvider("SunJCE");
+		Assert.assertNotNull(provider);
+		return provider;
+	}
 }