Skip to content

Commit a912b69

Browse files
peterdettmanpeterdettman
committed
Cleanup TLS 1.2 GCM nonce generator stuff
1 parent 94607c5 commit a912b69

File tree

6 files changed

+33
-45
lines changed

6 files changed

+33
-45
lines changed

tls/src/main/java/org/bouncycastle/tls/crypto/impl/AEADNonceGenerator.java

+2-3
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,8 @@
11
package org.bouncycastle.tls.crypto.impl;
22

3-
import org.bouncycastle.tls.TlsFatalAlert;
3+
import java.io.IOException;
44

55
public interface AEADNonceGenerator
66
{
7-
public void generateNonce(byte[] nonce)
8-
throws TlsFatalAlert;
7+
public void generateNonce(byte[] nonce) throws IOException;
98
}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/AEADNonceGeneratorFactory.java

-2
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,5 @@
11
package org.bouncycastle.tls.crypto.impl;
22

3-
import org.bouncycastle.tls.crypto.TlsNonceGenerator;
4-
53
public interface AEADNonceGeneratorFactory
64
{
75
AEADNonceGenerator create(byte[] baseNonce, int counterSizeInBits);

tls/src/main/java/org/bouncycastle/tls/crypto/impl/GcmTls12NonceGeneratorUtil.java

+7-12
Original file line numberDiff line numberDiff line change
@@ -1,26 +1,21 @@
11
package org.bouncycastle.tls.crypto.impl;
22

3-
import java.security.AccessController;
4-
import java.security.PrivilegedAction;
5-
6-
final public class GcmTls12NonceGeneratorUtil
3+
public final class GcmTls12NonceGeneratorUtil
74
{
8-
private static AEADNonceGeneratorFactory tlsNonceGeneratorFactory = null;
5+
private static volatile AEADNonceGeneratorFactory globalFactory = null;
96

10-
public static void setGcmTlsNonceGeneratorFactory(final AEADNonceGeneratorFactory factory)
7+
public static void setGcmTlsNonceGeneratorFactory(AEADNonceGeneratorFactory factory)
118
{
12-
tlsNonceGeneratorFactory = factory;
9+
globalFactory = factory;
1310
}
1411

1512
public static boolean isGcmFipsNonceGeneratorFactorySet()
1613
{
17-
return tlsNonceGeneratorFactory != null;
14+
return globalFactory != null;
1815
}
1916

20-
public static AEADNonceGenerator createGcmFipsNonceGenerator(final byte[] baseNonce, final int counterSizeInBits)
17+
public static AEADNonceGenerator createGcmFipsNonceGenerator(byte[] baseNonce, int counterSizeInBits)
2118
{
22-
return tlsNonceGeneratorFactory != null
23-
? tlsNonceGeneratorFactory.create(baseNonce, counterSizeInBits)
24-
: null;
19+
return globalFactory == null ? null : globalFactory.create(baseNonce, counterSizeInBits);
2520
}
2621
}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/TlsAEADCipher.java

+21-22
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@
1313
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
1414
import org.bouncycastle.tls.crypto.TlsDecodeResult;
1515
import org.bouncycastle.tls.crypto.TlsEncodeResult;
16-
import org.bouncycastle.tls.crypto.TlsNonceGenerator;
1716
import org.bouncycastle.tls.crypto.TlsSecret;
1817
import org.bouncycastle.util.Arrays;
1918

@@ -31,7 +30,7 @@ public final class TlsAEADCipher
3130
private static final int NONCE_RFC7905 = 2;
3231
private static final long SEQUENCE_NUMBER_PLACEHOLDER = -1L;
3332

34-
private static final byte[] EPOCH_1 = {0x00, 0x01};
33+
private static final byte[] EPOCH_1 = { 0x00, 0x01 };
3534

3635
private final TlsCryptoParameters cryptoParams;
3736
private final int keySize;
@@ -129,9 +128,9 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
129128

130129
if (AEAD_GCM == aeadType && GcmTls12NonceGeneratorUtil.isGcmFipsNonceGeneratorFactorySet())
131130
{
132-
final int nonceLength = fixed_iv_length + record_iv_length;
133-
final byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
134-
final int counterSizeInBits;
131+
int nonceLength = fixed_iv_length + record_iv_length;
132+
byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
133+
int counterSizeInBits;
135134
if (negotiatedVersion.isDTLS())
136135
{
137136
counterSizeInBits = (record_iv_length - 2) * 8; // 48
@@ -142,7 +141,8 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
142141
{
143142
counterSizeInBits = record_iv_length * 8; // 64
144143
}
145-
gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce, counterSizeInBits);
144+
gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce,
145+
counterSizeInBits);
146146
}
147147
else
148148
{
@@ -181,8 +181,7 @@ public int getPlaintextEncodeLimit(int ciphertextLimit)
181181
public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
182182
int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength) throws IOException
183183
{
184-
final int nonceSize = encryptNonce.length + record_iv_length;
185-
final byte[] nonce = new byte[nonceSize];
184+
byte[] nonce = new byte[encryptNonce.length + record_iv_length];
186185

187186
if (null != gcmFipsNonceGenerator)
188187
{
@@ -192,20 +191,20 @@ public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVe
192191
{
193192
switch (nonceMode)
194193
{
195-
case NONCE_RFC5288:
196-
System.arraycopy(encryptNonce, 0, nonce, 0, encryptNonce.length);
197-
// RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
198-
TlsUtils.writeUint64(seqNo, nonce, encryptNonce.length);
199-
break;
200-
case NONCE_RFC7905:
201-
TlsUtils.writeUint64(seqNo, nonce, nonce.length - 8);
202-
for (int i = 0; i < encryptNonce.length; ++i)
203-
{
204-
nonce[i] ^= encryptNonce[i];
205-
}
206-
break;
207-
default:
208-
throw new TlsFatalAlert(AlertDescription.internal_error);
194+
case NONCE_RFC5288:
195+
System.arraycopy(encryptNonce, 0, nonce, 0, encryptNonce.length);
196+
// RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
197+
TlsUtils.writeUint64(seqNo, nonce, encryptNonce.length);
198+
break;
199+
case NONCE_RFC7905:
200+
TlsUtils.writeUint64(seqNo, nonce, nonce.length - 8);
201+
for (int i = 0; i < encryptNonce.length; ++i)
202+
{
203+
nonce[i] ^= encryptNonce[i];
204+
}
205+
break;
206+
default:
207+
throw new TlsFatalAlert(AlertDescription.internal_error);
209208
}
210209
}
211210

tls/src/test/java/org/bouncycastle/tls/test/TestAEADGeneratorFactory.java

+1-2
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,7 @@ private TestAEADGeneratorFactory()
1313
// no op
1414
}
1515

16-
@Override
17-
public AEADNonceGenerator create(final byte[] baseNonce, final int counterSizeInBits)
16+
public AEADNonceGenerator create(byte[] baseNonce, int counterSizeInBits)
1817
{
1918
return new TestAEADNonceGenerator(baseNonce, counterSizeInBits);
2019
}

tls/src/test/java/org/bouncycastle/tls/test/TestAEADNonceGenerator.java

+2-4
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
package org.bouncycastle.tls.test;
22

3-
import org.bouncycastle.tls.crypto.TlsNonceGenerator;
43
import org.bouncycastle.tls.crypto.impl.AEADNonceGenerator;
54
import org.bouncycastle.util.Arrays;
65

@@ -14,7 +13,7 @@ class TestAEADNonceGenerator
1413
private long counterValue;
1514
private boolean counterExhausted;
1615

17-
TestAEADNonceGenerator(final byte[] baseNonce, final int counterBits)
16+
TestAEADNonceGenerator(byte[] baseNonce, int counterBits)
1817
{
1918
this.baseNonce = Arrays.copyOf(baseNonce, baseNonce.length);
2019
this.counterMask = -1L >>> (64 - counterBits);
@@ -24,7 +23,6 @@ class TestAEADNonceGenerator
2423
this.counterExhausted = false;
2524
}
2625

27-
@Override
2826
public void generateNonce(byte[] nonce)
2927
{
3028
if (nonce.length != baseNonce.length)
@@ -38,7 +36,7 @@ public void generateNonce(byte[] nonce)
3836
}
3937

4038
System.arraycopy(baseNonce, 0, nonce, 0, baseNonce.length);
41-
final int offset = baseNonce.length - counterBytes;
39+
int offset = baseNonce.length - counterBytes;
4240

4341
for (int i = 0; i < counterBytes; i++)
4442
{

0 commit comments

Comments
 (0)