Wired PacketCiphers into BaseBlockCipher.

Some changes to instance creation.
Added back logic for GCM key reuse that matches normal non packet GCM implementation.

Initial logic for the detection of a use case for a packet cipher.

Needs specific provider level tests.

Author: mwcw

core/src/main/java/org/bouncycastle/crypto/AESPacketCipherEngine.java

@@ -15,12 +15,12 @@ public interface NativeServices
     String AES_CTR = "AES/CTR";
     String AES_CCM = "AES/CCM";
 
-    String AES_CBC_PC = "AES/CBC PC";
-    String AES_CCM_PC = "AES/CCM PC";
-    String AES_CFB_PC = "AES/CFB PC";
-    String AES_CTR_PC = "AES/CTR PC";
-    String AES_GCM_PC = "AES/GCM PC";
-    String AES_GCMSIV_PC = "AES/GCMSIV PC";
+    String AES_CBC_PC = "AES/CBC-PC";
+    String AES_CCM_PC = "AES/CCM-PC";
+    String AES_CFB_PC = "AES/CFB-PC";
+    String AES_CTR_PC = "AES/CTR-PC";
+    String AES_GCM_PC = "AES/GCM-PC";
+    String AES_GCMSIV_PC = "AES/GCMSIV-PC";
     String SHA2 = "SHA2";
     String MULACC = "MULACC";
 

core/src/main/java/org/bouncycastle/crypto/NativeServices.java

@@ -4,7 +4,7 @@ public class PacketCipherException extends Exception
 {
     private final Reason reason;
 
-    enum Reason
+    public enum Reason
     {
         INVALID_CIPHERTEXT,
         OUTPUT_LENGTH,
@@ -46,4 +46,9 @@ public String toString()
     {
         return reason.toString() + " " + super.toString();
     }
+
+    public Reason getReason()
+    {
+        return reason;
+    }
 }

core/src/main/java/org/bouncycastle/crypto/PacketCipherException.java

@@ -13,12 +13,9 @@
 public class AESNativeCBCPacketCipher
     implements PacketCipher, AESCBCModePacketCipher
 {
-    public static AESCBCModePacketCipher newInstance()
-    {
-        return new AESNativeCBCPacketCipher();
-    }
 
-    private AESNativeCBCPacketCipher()
+
+    public AESNativeCBCPacketCipher()
     {
     }
 

core/src/main/java/org/bouncycastle/crypto/engines/AESNativeCBCPacketCipher.java

@@ -1,9 +1,6 @@
 package org.bouncycastle.crypto.engines;
 
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.ExceptionMessage;
-import org.bouncycastle.crypto.PacketCipher;
-import org.bouncycastle.crypto.PacketCipherException;
+import org.bouncycastle.crypto.*;
 import org.bouncycastle.crypto.modes.AESCCMModePacketCipher;
 import org.bouncycastle.crypto.modes.AESCCMPacketCipher;
 import org.bouncycastle.crypto.params.AEADParameters;
@@ -13,12 +10,9 @@
 public class AESNativeCCMPacketCipher
     implements PacketCipher, AESCCMModePacketCipher
 {
-    public static AESCCMModePacketCipher newInstance()
-    {
-        return new AESNativeCCMPacketCipher();
-    }
 
-    private AESNativeCCMPacketCipher()
+
+    public AESNativeCCMPacketCipher()
     {
     }
 

core/src/main/java/org/bouncycastle/crypto/engines/AESNativeCCMPacketCipher.java

@@ -11,12 +11,9 @@ public class AESNativeCFBPacketCipher
     extends AESPacketCipherEngine
     implements AESCFBModePacketCipher
 {
-    public static AESCFBModePacketCipher newInstance()
-    {
-        return new AESNativeCFBPacketCipher();
-    }
 
-    private AESNativeCFBPacketCipher()
+
+    public AESNativeCFBPacketCipher()
     {
     }
 

core/src/main/java/org/bouncycastle/crypto/engines/AESNativeCFBPacketCipher.java

@@ -1,8 +1,6 @@
 package org.bouncycastle.crypto.engines;
 
-import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.AESPacketCipherEngine;
-import org.bouncycastle.crypto.PacketCipherException;
+import org.bouncycastle.crypto.*;
 import org.bouncycastle.crypto.modes.AESCTRModePacketCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
@@ -12,12 +10,9 @@ public class AESNativeCTRPacketCipher
     extends AESPacketCipherEngine
     implements AESCTRModePacketCipher
 {
-    public static AESCTRModePacketCipher newInstance()
-    {
-        return new AESNativeCTRPacketCipher();
-    }
 
-    private AESNativeCTRPacketCipher()
+
+    public AESNativeCTRPacketCipher()
     {
     }
 

core/src/main/java/org/bouncycastle/crypto/engines/AESNativeCTRPacketCipher.java

@@ -247,17 +247,6 @@ public int doFinal(byte[] out, int outOff)
         throws IllegalStateException, InvalidCipherTextException
     {
 
-//        if (outOff < 0)
-//        {
-//            throw new IllegalArgumentException("outOff is negative");
-//        }
-//
-//
-//        if (outOff > out.length)
-//        {
-//            throw new IllegalArgumentException("offset past end of output array");
-//        }
-
         checkStatus();
 
 

core/src/main/java/org/bouncycastle/crypto/engines/AESNativeGCM.java

@@ -7,17 +7,23 @@
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.dispose.Disposable;
+
+import javax.security.auth.DestroyFailedException;
+import javax.security.auth.Destroyable;
 
 public class AESNativeGCMPacketCipher
-    extends AESPacketCipherEngine
-    implements AESGCMModePacketCipher
+        extends AESPacketCipherEngine
+        implements AESGCMModePacketCipher, Destroyable
 {
-    public static AESGCMModePacketCipher newInstance()
-    {
-        return new AESNativeGCMPacketCipher();
-    }
 
-    private AESNativeGCMPacketCipher()
+
+    private byte[] lastKey;
+    private byte[] lastNonce;
+    private boolean destroyed;
+
+    public AESNativeGCMPacketCipher()
     {
     }
 
@@ -27,7 +33,7 @@ public int getOutputSize(boolean encryption, CipherParameters parameters, int le
         int macSize;
         if (parameters instanceof AEADParameters)
         {
-            AEADParameters param = (AEADParameters)parameters;
+            AEADParameters param = (AEADParameters) parameters;
             int macSizeBits = param.getMacSize();
             if (macSizeBits < 32 || macSizeBits > 128 || (macSizeBits & 7) != 0)
             {
@@ -48,16 +54,17 @@ else if (parameters instanceof ParametersWithIV)
     }
 
     @Override
-    public int processPacket(boolean encryption, CipherParameters params, byte[] input, int inOff, int len, byte[] output, int outOff)
-        throws PacketCipherException
+    public int processPacket(boolean encryption, CipherParameters params, byte[] input, int inOff, int len,
+                             byte[] output, int outOff)
+            throws PacketCipherException
     {
         int macSize;
         byte[] nonce;
         byte[] initialAssociatedText;
         byte[] key;
         if (params instanceof AEADParameters)
         {
-            AEADParameters param = (AEADParameters)params;
+            AEADParameters param = (AEADParameters) params;
             nonce = param.getNonce();
             initialAssociatedText = param.getAssociatedText();
 
@@ -68,15 +75,40 @@ public int processPacket(boolean encryption, CipherParameters params, byte[] inp
             }
 
             macSize = macSizeBits >> 3;
+
             key = param.getKey().getKey();
+
+            // This only works if you use the same instance of packet cipher
+            // It matches the existing behavior of the normal GCM implementation
+            if (encryption && Arrays.areEqual(key, lastKey) && Arrays.areEqual(nonce, lastNonce))
+            {
+                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
+            }
+
+            lastKey = Arrays.clone(key);
+            lastNonce = Arrays.clone(nonce);
+
+
         }
         else if (params instanceof ParametersWithIV)
         {
-            ParametersWithIV param = (ParametersWithIV)params;
+            ParametersWithIV param = (ParametersWithIV) params;
             nonce = param.getIV().clone();
             initialAssociatedText = null;
             macSize = 16;
-            key = ((KeyParameter)param.getParameters()).getKey();
+
+            key = ((KeyParameter) param.getParameters()).getKey();
+
+            // This only works if you use the same instance of packet cipher
+            // It matches the existing behavior of the normal GCM implementation
+            if (encryption && Arrays.areEqual(key, lastKey) && Arrays.areEqual(nonce, lastNonce))
+            {
+                throw new IllegalArgumentException("cannot reuse nonce for GCM encryption");
+            }
+
+            lastKey = Arrays.clone(key);
+            lastNonce = Arrays.clone(nonce);
+
         }
         else
         {
@@ -88,7 +120,7 @@ else if (params instanceof ParametersWithIV)
         try
         {
             result = processPacket(encryption, key, key.length, nonce, nonce.length, initialAssociatedText, iatLen,
-                macSize, input, inOff, len, output, outOff, outLen);
+                    macSize, input, inOff, len, output, outOff, outLen);
         }
         catch (Exception e)
         {
@@ -100,10 +132,27 @@ else if (params instanceof ParametersWithIV)
     static native int getOutputSize(boolean encryption, int len, int macSize);
 
     static native int processPacket(boolean encryption, byte[] key, int keyLen, byte[] nonce, int nonLen, byte[] aad,
-                                    int aadLen, int macSize, byte[] in, int inOff, int inLen, byte[] out, int outOff, int outLen);
+                                    int aadLen, int macSize, byte[] in, int inOff, int inLen, byte[] out, int outOff,
+                                    int outLen);
+
     @Override
     public String toString()
     {
         return "GCM Packet Cipher (Native)";
     }
+
+    @Override
+    public void destroy() throws DestroyFailedException
+    {
+        Arrays.clear(lastKey);
+        Arrays.clear(lastNonce);
+        destroyed = true;
+    }
+
+    @Override
+    public boolean isDestroyed()
+    {
+        return destroyed;
+    }
+
 }

core/src/main/java/org/bouncycastle/crypto/engines/AESNativeGCMPacketCipher.java

@@ -9,15 +9,15 @@
 import org.bouncycastle.crypto.params.ParametersWithIV;
 
 public class AESNativeGCMSIVPacketCipher
-    extends AESPacketCipherEngine
-    implements AESGCMSIVModePacketCipher
+        extends AESPacketCipherEngine
+        implements AESGCMSIVModePacketCipher
 {
     public static AESGCMSIVModePacketCipher newInstance()
     {
         return new AESNativeGCMSIVPacketCipher();
     }
 
-    private AESNativeGCMSIVPacketCipher()
+    public AESNativeGCMSIVPacketCipher()
     {
     }
 
@@ -28,25 +28,26 @@ public int getOutputSize(boolean encryption, CipherParameters parameters, int le
     }
 
     @Override
-    public int processPacket(boolean encryption, CipherParameters params, byte[] input, int inOff, int len, byte[] output, int outOff)
-        throws PacketCipherException
+    public int processPacket(boolean encryption, CipherParameters params, byte[] input, int inOff, int len,
+                             byte[] output, int outOff)
+            throws PacketCipherException
     {
         byte[] nonce;
         byte[] initialAssociatedText;
         byte[] key;
         if (params instanceof AEADParameters)
         {
-            AEADParameters param = (AEADParameters)params;
+            AEADParameters param = (AEADParameters) params;
             nonce = param.getNonce();
             initialAssociatedText = param.getAssociatedText();
             key = param.getKey().getKey();
         }
         else if (params instanceof ParametersWithIV)
         {
-            ParametersWithIV param = (ParametersWithIV)params;
+            ParametersWithIV param = (ParametersWithIV) params;
             nonce = param.getIV().clone();
             initialAssociatedText = null;
-            key = ((KeyParameter)param.getParameters()).getKey();
+            key = ((KeyParameter) param.getParameters()).getKey();
         }
         else
         {
@@ -58,7 +59,7 @@ else if (params instanceof ParametersWithIV)
         try
         {
             result = processPacket(encryption, key, key.length, nonce, initialAssociatedText, iatLen,
-                 input, inOff, len, output, outOff, outLen);
+                    input, inOff, len, output, outOff, outLen);
         }
         catch (Exception e)
         {
@@ -69,8 +70,9 @@ else if (params instanceof ParametersWithIV)
 
     static native int getOutputSize(boolean encryption, int len);
 
-    static native int processPacket(boolean encryption, byte[] key, int keyLen, byte[] nonce,  byte[] aad,
-                                    int aadLen,  byte[] in, int inOff, int inLen, byte[] out, int outOff, int outLen);
+    static native int processPacket(boolean encryption, byte[] key, int keyLen, byte[] nonce, byte[] aad,
+                                    int aadLen, byte[] in, int inOff, int inLen, byte[] out, int outOff, int outLen);
+
     @Override
     public String toString()
     {