Other providers GCM fix

dghgit · dghgit · commit 335c42d33384 · 2022-11-27T09:18:19.000+11:00
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/GcmSpecUtil.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/GcmSpecUtil.java
@@ -0,0 +1,76 @@
+package org.bouncycastle.tls.crypto.impl.jcajce;
+
+import java.lang.reflect.Constructor;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+
+import org.bouncycastle.util.Integers;
+
+class GcmSpecUtil
+{
+    static final Class gcmSpecClass = lookup("javax.crypto.spec.GCMParameterSpec");
+
+    static boolean gcmSpecExists()
+    {
+        return gcmSpecClass != null;
+    }
+
+    static AlgorithmParameterSpec createGcmSpec(final byte[] nonce, final int macLen)
+        throws InvalidParameterSpecException
+    {
+        Object rv = AccessController.doPrivileged(new PrivilegedAction<Object>()
+        {
+            public Object run()
+            {
+                try
+                {
+                    Constructor constructor = gcmSpecClass.getConstructor(new Class[]{Integer.TYPE, byte[].class});
+
+                    return constructor.newInstance(new Object[]{Integers.valueOf(macLen * 8), nonce});
+                }
+                catch (NoSuchMethodException e)
+                {
+                    return new InvalidParameterSpecException("no constructor found!");   // should never happen
+                }
+                catch (Exception e)
+                {
+                    return new InvalidParameterSpecException("construction failed: " + e.getMessage());   // should never happen
+                }
+            }
+        });
+        if (rv instanceof AlgorithmParameterSpec)
+        {
+            return (AlgorithmParameterSpec)rv;
+        }
+        else
+        {
+            throw (InvalidParameterSpecException)rv;
+        }
+    }
+
+    static Class lookup(final String className)
+    {
+        return AccessController.doPrivileged(new PrivilegedAction<Class>()
+        {
+            public Class run()
+            {
+                try
+                {
+                    ClassLoader loader = GcmSpecUtil.class.getClassLoader();
+                    if (loader == null)
+                    {
+                        loader = ClassLoader.getSystemClassLoader();
+                    }
+
+                    return loader.loadClass(className);
+                }
+                catch (Exception e)
+                {
+                    return null;
+                }
+            }
+        });
+    }
+}
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceAEADCipherImpl.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceAEADCipherImpl.java
@@ -95,8 +95,16 @@ public void init(byte[] nonce, int macSize, byte[] additionalData)
             {
                 AlgorithmParameters algParams = helper.createAlgorithmParameters(algorithmParamsName);
 
-                // fortunately CCM and GCM parameters have the same ASN.1 structure
-                algParams.init(new GCMParameters(nonce, macSize).getEncoded());
+                // believe it or not but there are things out there that do not support the ASN.1 encoding...
+                if (GcmSpecUtil.gcmSpecExists())
+                {
+                    algParams.init(GcmSpecUtil.createGcmSpec(nonce, macSize));
+                }
+                else
+                {
+                    // fortunately CCM and GCM parameters have the same ASN.1 structure
+                    algParams.init(new GCMParameters(nonce, macSize).getEncoded());
+                }
 
                 cipher.init(cipherMode, key, algParams, null);
 
diff --git a/tls/src/main/jdk1.9/org/bouncycastle/tls/crypto/impl/jcajce/GcmSpecUtil.java b/tls/src/main/jdk1.9/org/bouncycastle/tls/crypto/impl/jcajce/GcmSpecUtil.java
@@ -0,0 +1,25 @@
+package org.bouncycastle.tls.crypto.impl.jcajce;
+
+import java.lang.reflect.Constructor;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidParameterSpecException;
+
+import javax.crypto.spec.GCMParameterSpec;
+
+import org.bouncycastle.util.Integers;
+
+class GcmSpecUtil
+{
+    static boolean gcmSpecExists()
+    {
+        return true;
+    }
+
+    static AlgorithmParameterSpec createGcmSpec(byte[] nonce, int macLen)
+        throws InvalidParameterSpecException
+    {
+        return new GCMParameterSpec(macLen * 8, nonce);
+    }
+}
