added some additional work from TLS fips implementation to nonce setting - relates to github #1950

Author: dghgit

tls/src/main/java/org/bouncycastle/jsse/provider/GcmTls12NonceGeneratorUtil.java

@@ -0,0 +1,9 @@
+package org.bouncycastle.tls.crypto.impl;
+
+import org.bouncycastle.tls.TlsFatalAlert;
+
+public interface AEADNonceGenerator
+{
+    public void generateNonce(byte[] nonce)
+        throws TlsFatalAlert;
+}

tls/src/main/java/org/bouncycastle/jsse/provider/TlsNonceGeneratorFactory.java

@@ -0,0 +1,8 @@
+package org.bouncycastle.tls.crypto.impl;
+
+import org.bouncycastle.tls.crypto.TlsNonceGenerator;
+
+public interface AEADNonceGeneratorFactory
+{
+    AEADNonceGenerator create(byte[] baseNonce, int counterSizeInBits);
+}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/AEADNonceGenerator.java

@@ -0,0 +1,26 @@
+package org.bouncycastle.tls.crypto.impl;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+final public class GcmTls12NonceGeneratorUtil
+{
+    private static AEADNonceGeneratorFactory tlsNonceGeneratorFactory = null;
+
+    public static void setGcmTlsNonceGeneratorFactory(final AEADNonceGeneratorFactory factory)
+    {
+        tlsNonceGeneratorFactory = factory;
+    }
+
+    public static boolean isGcmFipsNonceGeneratorFactorySet()
+    {
+        return tlsNonceGeneratorFactory != null;
+    }
+
+    public static AEADNonceGenerator createGcmFipsNonceGenerator(final byte[] baseNonce, final int counterSizeInBits)
+    {
+        return tlsNonceGeneratorFactory != null
+                ? tlsNonceGeneratorFactory.create(baseNonce, counterSizeInBits)
+                : null;
+    }
+}

tls/src/main/java/org/bouncycastle/tls/crypto/impl/AEADNonceGeneratorFactory.java

@@ -17,9 +17,6 @@
 import org.bouncycastle.tls.crypto.TlsSecret;
 import org.bouncycastle.util.Arrays;
 
-import static org.bouncycastle.jsse.provider.GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator;
-import static org.bouncycastle.jsse.provider.GcmTls12NonceGeneratorUtil.isGcmFipsNonceGeneratorFactorySet;
-
 /**
  * A generic TLS 1.2 AEAD cipher.
  */
@@ -49,7 +46,7 @@ public final class TlsAEADCipher
 
     private final boolean isTLSv13;
     private final int nonceMode;
-    private final TlsNonceGenerator gcmFipsNonceGenerator;
+    private final AEADNonceGenerator gcmFipsNonceGenerator;
 
     public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encryptCipher, TlsAEADCipherImpl decryptCipher,
         int keySize, int macSize, int aeadType) throws IOException
@@ -130,7 +127,7 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
             throw new TlsFatalAlert(AlertDescription.internal_error);
         }
 
-        if (AEAD_GCM == aeadType && isGcmFipsNonceGeneratorFactorySet())
+        if (AEAD_GCM == aeadType && GcmTls12NonceGeneratorUtil.isGcmFipsNonceGeneratorFactorySet())
         {
             final int nonceLength = fixed_iv_length + record_iv_length;
             final byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
@@ -145,7 +142,7 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
             {
                 counterSizeInBits = record_iv_length * 8; // 64
             }
-            gcmFipsNonceGenerator = createGcmFipsNonceGenerator(baseNonce, counterSizeInBits);
+            gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce, counterSizeInBits);
         }
         else
         {
@@ -185,15 +182,14 @@ public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVe
         int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength) throws IOException
     {
         final int nonceSize = encryptNonce.length + record_iv_length;
-        final byte[] nonce;
+        final byte[] nonce = new byte[nonceSize];
 
         if (null != gcmFipsNonceGenerator)
         {
-            nonce = gcmFipsNonceGenerator.generateNonce(nonceSize);
+            gcmFipsNonceGenerator.generateNonce(nonce);
         }
         else
         {
-            nonce = new byte[nonceSize];
             switch (nonceMode)
             {
                 case NONCE_RFC5288:

tls/src/main/java/org/bouncycastle/tls/crypto/impl/GcmTls12NonceGeneratorUtil.java

@@ -1,6 +1,6 @@
 package org.bouncycastle.tls.test;
 
-import org.bouncycastle.jsse.provider.GcmTls12NonceGeneratorUtil;
+import org.bouncycastle.tls.crypto.impl.GcmTls12NonceGeneratorUtil;
 import org.bouncycastle.test.PrintTestResult;
 
 import junit.extensions.TestSetup;
@@ -20,7 +20,7 @@ public static void main(String[] args)
 
     public static Test suiteWithCustomNonceGeneratorForTls12() throws Exception
     {
-        GcmTls12NonceGeneratorUtil.setGcmTlsNonceGeneratorFactory(TestTlsNonceGeneratorFactory.INSTANCE);
+        GcmTls12NonceGeneratorUtil.setGcmTlsNonceGeneratorFactory(TestAEADGeneratorFactory.INSTANCE);
         return suite();
     }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/TlsAEADCipher.java

@@ -0,0 +1,21 @@
+package org.bouncycastle.tls.test;
+
+import org.bouncycastle.tls.crypto.impl.AEADNonceGenerator;
+import org.bouncycastle.tls.crypto.impl.AEADNonceGeneratorFactory;
+
+class TestAEADGeneratorFactory
+    implements AEADNonceGeneratorFactory
+{
+    public static final AEADNonceGeneratorFactory INSTANCE = new TestAEADGeneratorFactory();
+
+    private TestAEADGeneratorFactory()
+    {
+        // no op
+    }
+
+    @Override
+    public AEADNonceGenerator create(final byte[] baseNonce, final int counterSizeInBits)
+    {
+        return new TestAEADNonceGenerator(baseNonce, counterSizeInBits);
+    }
+}

tls/src/test/java/org/bouncycastle/tls/test/AllTests.java

@@ -1,10 +1,12 @@
 package org.bouncycastle.tls.test;
 
 import org.bouncycastle.tls.crypto.TlsNonceGenerator;
+import org.bouncycastle.tls.crypto.impl.AEADNonceGenerator;
 
 import java.util.Arrays;
 
-class TestNonceGenerator implements TlsNonceGenerator
+class TestAEADNonceGenerator
+    implements AEADNonceGenerator
 {
     private final byte[] baseNonce;
     private final long counterMask;
@@ -13,7 +15,7 @@ class TestNonceGenerator implements TlsNonceGenerator
     private long counterValue;
     private boolean counterExhausted;
 
-    TestNonceGenerator(final byte[] baseNonce, final int counterBits)
+    TestAEADNonceGenerator(final byte[] baseNonce, final int counterBits)
     {
         this.baseNonce = Arrays.copyOf(baseNonce, baseNonce.length);
         this.counterMask = -1L >>> (64 - counterBits);
@@ -24,9 +26,9 @@ class TestNonceGenerator implements TlsNonceGenerator
     }
 
     @Override
-    public byte[] generateNonce(final int size)
+    public void generateNonce(byte[] nonce)
     {
-        if (size != baseNonce.length)
+        if (nonce.length != baseNonce.length)
         {
             throw new IllegalArgumentException("requested length is not equal to the length of the base nonce.");
         }
@@ -36,7 +38,7 @@ public byte[] generateNonce(final int size)
             throw new IllegalStateException("TLS nonce generator exhausted");
         }
 
-        final byte[] nonce = Arrays.copyOf(baseNonce, baseNonce.length);
+        System.arraycopy(baseNonce, 0, nonce, 0, baseNonce.length);
         final int offset = baseNonce.length - counterBytes;
 
         for (int i = 0; i < counterBytes; i++)
@@ -45,7 +47,5 @@ public byte[] generateNonce(final int size)
         }
 
         counterExhausted |= ((++counterValue & counterMask) == 0);
-
-        return nonce;
     }
 }