Cleanup TLS 1.2 GCM nonce generator stuff
peterdettman committed Jan 6, 2025
1 parent 94607c5 commit a912b69
Showing 6 changed files with 33 additions and 45 deletions.
Original file line number Diff line number Diff line change
@@ -1,9 +1,8 @@
package org.bouncycastle.tls.crypto.impl;

import org.bouncycastle.tls.TlsFatalAlert;
import java.io.IOException;

public interface AEADNonceGenerator
{
public void generateNonce(byte[] nonce)
throws TlsFatalAlert;
public void generateNonce(byte[] nonce) throws IOException;
}
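Review bot: The interface still has no Javadoc, and after the switch to `throws IOException` nothing states when an implementation is expected to throw. A repeated nonce under one key breaks AES-GCM's confidentiality and integrity guarantees, so the contract belongs on the method itself. I would add something like `/** Fills {@code nonce} with a value this generator has never returned before; throws if the counter space is exhausted. */` above `generateNonce`. It should also say whether callers can expect a `TlsFatalAlert` (used as an `IOException` elsewhere in this commit) or any `IOException`.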
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
package org.bouncycastle.tls.crypto.impl;

import org.bouncycastle.tls.crypto.TlsNonceGenerator;

public interface AEADNonceGeneratorFactory
{
AEADNonceGenerator create(byte[] baseNonce, int counterSizeInBits);
Original file line number Diff line number Diff line change
@@ -1,26 +1,21 @@
package org.bouncycastle.tls.crypto.impl;

import java.security.AccessController;
import java.security.PrivilegedAction;

final public class GcmTls12NonceGeneratorUtil
public final class GcmTls12NonceGeneratorUtil
{
private static AEADNonceGeneratorFactory tlsNonceGeneratorFactory = null;
private static volatile AEADNonceGeneratorFactory globalFactory = null;

public static void setGcmTlsNonceGeneratorFactory(final AEADNonceGeneratorFactory factory)
public static void setGcmTlsNonceGeneratorFactory(AEADNonceGeneratorFactory factory)
{
tlsNonceGeneratorFactory = factory;
globalFactory = factory;
}

public static boolean isGcmFipsNonceGeneratorFactorySet()
{
return tlsNonceGeneratorFactory != null;
return globalFactory != null;
}

public static AEADNonceGenerator createGcmFipsNonceGenerator(final byte[] baseNonce, final int counterSizeInBits)
public static AEADNonceGenerator createGcmFipsNonceGenerator(byte[] baseNonce, int counterSizeInBits)
{
return tlsNonceGeneratorFactory != null
? tlsNonceGeneratorFactory.create(baseNonce, counterSizeInBits)
: null;
return globalFactory == null ? null : globalFactory.create(baseNonce, counterSizeInBits);
}
}
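Review bot: `createGcmFipsNonceGenerator` reads the volatile `globalFactory` twice, so a concurrent `setGcmTlsNonceGeneratorFactory(null)` between the null test and the call causes a NullPointerException instead of the documented `null` return. Copy the field into a local first: `AEADNonceGeneratorFactory factory = globalFactory;` then `return factory == null ? null : factory.create(baseNonce, counterSizeInBits);`. The setter also lets any caller replace or clear the process-wide factory at any time, which changes nonce generation for every TLS 1.2 GCM cipher created afterwards. If that is not intended, a set-once rule with a comment stating it would be safer.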
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
import org.bouncycastle.tls.crypto.TlsCryptoUtils;
import org.bouncycastle.tls.crypto.TlsDecodeResult;
import org.bouncycastle.tls.crypto.TlsEncodeResult;
import org.bouncycastle.tls.crypto.TlsNonceGenerator;
import org.bouncycastle.tls.crypto.TlsSecret;
import org.bouncycastle.util.Arrays;

Expand All @@ -31,7 +30,7 @@ public final class TlsAEADCipher
private static final int NONCE_RFC7905 = 2;
private static final long SEQUENCE_NUMBER_PLACEHOLDER = -1L;

private static final byte[] EPOCH_1 = {0x00, 0x01};
private static final byte[] EPOCH_1 = { 0x00, 0x01 };

private final TlsCryptoParameters cryptoParams;
private final int keySize;
Expand Down Expand Up @@ -129,9 +128,9 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt

if (AEAD_GCM == aeadType && GcmTls12NonceGeneratorUtil.isGcmFipsNonceGeneratorFactorySet())
{
final int nonceLength = fixed_iv_length + record_iv_length;
final byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
final int counterSizeInBits;
int nonceLength = fixed_iv_length + record_iv_length;
byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
int counterSizeInBits;
if (negotiatedVersion.isDTLS())
{
counterSizeInBits = (record_iv_length - 2) * 8; // 48
Expand All @@ -142,7 +141,8 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
{
counterSizeInBits = record_iv_length * 8; // 64
}
gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce, counterSizeInBits);
gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce,
counterSizeInBits);
}
else
{
Expand Down Expand Up @@ -181,8 +181,7 @@ public int getPlaintextEncodeLimit(int ciphertextLimit)
public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength) throws IOException
{
final int nonceSize = encryptNonce.length + record_iv_length;
final byte[] nonce = new byte[nonceSize];
byte[] nonce = new byte[encryptNonce.length + record_iv_length];

if (null != gcmFipsNonceGenerator)
{
Expand All @@ -192,20 +191,20 @@ public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVe
{
switch (nonceMode)
{
case NONCE_RFC5288:
System.arraycopy(encryptNonce, 0, nonce, 0, encryptNonce.length);
// RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
TlsUtils.writeUint64(seqNo, nonce, encryptNonce.length);
break;
case NONCE_RFC7905:
TlsUtils.writeUint64(seqNo, nonce, nonce.length - 8);
for (int i = 0; i < encryptNonce.length; ++i)
{
nonce[i] ^= encryptNonce[i];
}
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
case NONCE_RFC5288:
System.arraycopy(encryptNonce, 0, nonce, 0, encryptNonce.length);
// RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
TlsUtils.writeUint64(seqNo, nonce, encryptNonce.length);
break;
case NONCE_RFC7905:
TlsUtils.writeUint64(seqNo, nonce, nonce.length - 8);
for (int i = 0; i < encryptNonce.length; ++i)
{
nonce[i] ^= encryptNonce[i];
}
break;
default:
throw new TlsFatalAlert(AlertDescription.internal_error);
}
}

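Review bot: In the constructor hunk, the result of `GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce, counterSizeInBits)` is stored without a null check. That method returns `null` when the factory is unset, and the factory could be cleared, or return null itself, after `isGcmFipsNonceGeneratorFactorySet()` answered true. `encodePlaintext` treats a null `gcmFipsNonceGenerator` as "not configured" and silently takes the `nonceMode` path, so a deployment that installed a factory would not notice the fallback. I would fail closed right after the assignment, e.g. `if (null == gcmFipsNonceGenerator) { throw new TlsFatalAlert(AlertDescription.internal_error); }`, assuming the constructor is allowed to throw `IOException`; its signature is cut off in this view.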
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,7 @@ private TestAEADGeneratorFactory()
// no op
}

@Override
public AEADNonceGenerator create(final byte[] baseNonce, final int counterSizeInBits)
public AEADNonceGenerator create(byte[] baseNonce, int counterSizeInBits)
{
return new TestAEADNonceGenerator(baseNonce, counterSizeInBits);
}
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package org.bouncycastle.tls.test;

import org.bouncycastle.tls.crypto.TlsNonceGenerator;
import org.bouncycastle.tls.crypto.impl.AEADNonceGenerator;
import org.bouncycastle.util.Arrays;

Expand All @@ -14,7 +13,7 @@ class TestAEADNonceGenerator
private long counterValue;
private boolean counterExhausted;

TestAEADNonceGenerator(final byte[] baseNonce, final int counterBits)
TestAEADNonceGenerator(byte[] baseNonce, int counterBits)
{
this.baseNonce = Arrays.copyOf(baseNonce, baseNonce.length);
this.counterMask = -1L >>> (64 - counterBits);
Expand All @@ -24,7 +23,6 @@ class TestAEADNonceGenerator
this.counterExhausted = false;
}

@Override
public void generateNonce(byte[] nonce)
{
if (nonce.length != baseNonce.length)
Expand All @@ -38,7 +36,7 @@ public void generateNonce(byte[] nonce)
}

System.arraycopy(baseNonce, 0, nonce, 0, baseNonce.length);
final int offset = baseNonce.length - counterBytes;
int offset = baseNonce.length - counterBytes;

for (int i = 0; i < counterBytes; i++)
{
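Review bot: The constructor computes `counterMask = -1L >>> (64 - counterBits)` with no visible range check on `counterBits`. Java reduces a long shift distance to its low six bits, so `counterBits == 0` yields an all-ones mask rather than zero, and values above 64 wrap as well; the exhaustion check would then cover the wrong counter width. Unless the lines hidden between the hunks validate it, add `if (counterBits < 1 || counterBits > 64) throw new IllegalArgumentException("counterBits");` at the top of the constructor. The body of `generateNonce` continues outside this view, so the exhaustion logic itself could not be checked.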
