Update some jdk1.4 classes for recent changes

Author: peterdettman

tls/src/main/jdk1.4/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java

@@ -61,6 +61,7 @@
 import org.bouncycastle.tls.crypto.impl.AEADNonceGenerator;
 import org.bouncycastle.tls.crypto.impl.AEADNonceGeneratorFactory;
 import org.bouncycastle.tls.crypto.impl.AbstractTlsCrypto;
+import org.bouncycastle.tls.crypto.impl.Tls13NullCipher;
 import org.bouncycastle.tls.crypto.impl.TlsAEADCipher;
 import org.bouncycastle.tls.crypto.impl.TlsAEADCipherImpl;
 import org.bouncycastle.tls.crypto.impl.TlsBlockCipher;
@@ -245,6 +246,12 @@ public TlsCipher createCipher(TlsCryptoParameters cryptoParams, int encryptionAl
                 return createChaCha20Poly1305(cryptoParams);
             case EncryptionAlgorithm.NULL:
                 return createNullCipher(cryptoParams, macAlgorithm);
+            case EncryptionAlgorithm.NULL_HMAC_SHA256:
+                // NOTE: Ignores macAlgorithm
+                return create13NullCipher(cryptoParams, MACAlgorithm.hmac_sha256);
+            case EncryptionAlgorithm.NULL_HMAC_SHA384:
+                // NOTE: Ignores macAlgorithm
+                return create13NullCipher(cryptoParams, MACAlgorithm.hmac_sha384);
             case EncryptionAlgorithm.SEED_CBC:
                 return createCipher_CBC(cryptoParams, "SEED", 16, macAlgorithm);
             case EncryptionAlgorithm.SM4_CBC:
@@ -442,18 +449,13 @@ public AlgorithmParameters getNamedGroupAlgorithmParameters(int namedGroup)
     {
         if (NamedGroup.refersToAnXDHCurve(namedGroup))
         {
-            switch (namedGroup)
-            {
             /*
-             * TODO Return AlgorithmParameters to check against disabled algorithms
+             * TODO Return AlgorithmParameters to check against disabled algorithms?
              *
              * NOTE: The JDK doesn't even support AlgorithmParameters for XDH, so SunJSSE also winds
              * up using null AlgorithmParameters when checking algorithm constraints.
              */
-            case NamedGroup.x25519:
-            case NamedGroup.x448:
-                return null;
-            }
+            return null;
         }
         else if (NamedGroup.refersToAnECDSACurve(namedGroup))
         {
@@ -947,6 +949,12 @@ protected TlsHash createHash(String digestName)
         return new JcaTlsHash(helper.createDigest(digestName));
     }
 
+    protected Tls13NullCipher create13NullCipher(TlsCryptoParameters cryptoParams, int macAlgorithm)
+        throws IOException
+    {
+        return new Tls13NullCipher(cryptoParams, createHMAC(macAlgorithm), createHMAC(macAlgorithm));
+    }
+
     /**
      * To disable the null cipher suite, override this method with one that throws an IOException.
      *
@@ -1005,7 +1013,7 @@ protected TlsStreamSigner createStreamSigner(JcaJceHelper helper, String algorit
         {
             if (null != parameter)
             {
-                Signature dummySigner;                
+                Signature dummySigner;
                 try
                 {
                     dummySigner = helper.createSignature(algorithmName);
@@ -1170,6 +1178,12 @@ protected Boolean isSupportedEncryptionAlgorithm(int encryptionAlgorithm)
         case EncryptionAlgorithm.SM4_GCM:
             return Boolean.valueOf(isUsableCipher("SM4/GCM/NoPadding", 128));
 
+        case EncryptionAlgorithm.NULL_HMAC_SHA256:
+            return hasMacAlgorithm(MACAlgorithm.hmac_sha256);
+
+        case EncryptionAlgorithm.NULL_HMAC_SHA384:
+            return hasMacAlgorithm(MACAlgorithm.hmac_sha384);
+
         case EncryptionAlgorithm._28147_CNT_IMIT:
         case EncryptionAlgorithm.DES_CBC:
         case EncryptionAlgorithm.DES40_CBC:

tls/src/main/jdk1.4/org/bouncycastle/tls/crypto/impl/jcajce/JceAEADCipherImpl.java

@@ -6,6 +6,7 @@
 import java.security.GeneralSecurityException;
 import java.security.PrivilegedAction;
 import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
 
 import javax.crypto.Cipher;
 import javax.crypto.SecretKey;
@@ -68,6 +69,9 @@ private static String getAlgParamsName(JcaJceHelper helper, String cipherName)
 
     private SecretKey key;
 
+    private byte[] noncePre7;
+    private int macSizePre7;
+
     public JceAEADCipherImpl(JcaTlsCrypto crypto, JcaJceHelper helper, String cipherName, String algorithm, int keySize,
         boolean isEncrypting)
         throws GeneralSecurityException
@@ -91,9 +95,6 @@ public void setKey(byte[] key, int keyOff, int keyLen)
         this.key = new SecretKeySpec(key, keyOff, keyLen, algorithm);
     }
 
-    private byte[] nonce;
-    private int macSize;
-
     public void init(byte[] nonce, int macSize)
     {
         // NOTE: Shouldn't need a SecureRandom, but this is cheaper if the provider would auto-create one
@@ -104,23 +105,44 @@ public void init(byte[] nonce, int macSize)
 //            if (canDoAEAD && algorithmParamsName != null)
 //            {
 //                AlgorithmParameters algParams = helper.createAlgorithmParameters(algorithmParamsName);
-//
-//                // fortunately CCM and GCM parameters have the same ASN.1 structure
-//                algParams.init(new GCMParameters(nonce, macSize).getEncoded());
-//
-//                cipher.init(cipherMode, key, algParams);
-//
-//                if (additionalData != null && additionalData.length > 0)
+//    
+//                // believe it or not but there are things out there that do not support the ASN.1 encoding...
+//                if (GCMUtil.isGCMParameterSpecAvailable())
+//                {
+//                    algParams.init(GCMUtil.createGCMParameterSpec(macSize * 8, nonce));
+//                }
+//                else
 //                {
-//                    cipher.updateAAD(additionalData);
+//                    // fortunately CCM and GCM parameters have the same ASN.1 structure
+//                    algParams.init(new GCMParameters(nonce, macSize).getEncoded());
 //                }
+//    
+//                cipher.init(cipherMode, key, algParams, random);
 //            }
 //            else
 //            {
-            // Otherwise fall back to the BC-specific AEADParameterSpec
-                 this.nonce = Arrays.clone(nonce);
-                 this.macSize = macSize;
-            // }
+                /*
+                 * Otherwise fall back to the BC-specific AEADParameterSpec. Since updateAAD is not available, we
+                 * need to use init to pass the associated data (in doFinal), but in order to call getOutputSize we
+                 * technically need to init the cipher first. So we init with a dummy nonce to avoid duplicate nonce
+                 * error from the init in doFinal.
+                 */
+    
+                if (this.noncePre7 == null || this.noncePre7.length != nonce.length)
+                {
+                    this.noncePre7 = new byte[nonce.length];
+                }
+    
+                System.arraycopy(nonce, 0, this.noncePre7, 0, nonce.length);
+                this.macSizePre7 = macSize;
+    
+                this.noncePre7[0] ^= 0x80;
+    
+                AlgorithmParameterSpec params = new AEADParameterSpec(noncePre7, macSizePre7 * 8, null);
+                cipher.init(cipherMode, key, params, random);
+    
+                this.noncePre7[0] ^= 0x80;
+//            }
         }
         catch (Exception e)
         {
@@ -136,20 +158,27 @@ public int getOutputSize(int inputLength)
     public int doFinal(byte[] additionalData, byte[] input, int inputOffset, int inputLength, byte[] output, int outputOffset)
         throws IOException
     {
-        try
-        {
-            if (!Arrays.isNullOrEmpty(additionalData))
-            {
-                cipher.init(cipherMode, key, new AEADParameterSpec(nonce, macSize * 8, additionalData));
-            }
-            else
-            {
-                cipher.init(cipherMode, key, new AEADParameterSpec(nonce, macSize * 8, null));
-            }
-        }
-        catch (Exception e)
+        if (!Arrays.isNullOrEmpty(additionalData))
         {
-            throw new IOException(e.toString());
+//            if (canDoAEAD)
+//            {
+//                cipher.updateAAD(additionalData);
+//            }
+//            else
+//            {
+                try
+                {
+                    // NOTE: Shouldn't need a SecureRandom, but this is cheaper if the provider would auto-create one
+                    SecureRandom random = crypto.getSecureRandom();
+
+                    AlgorithmParameterSpec params = new AEADParameterSpec(noncePre7, macSizePre7 * 8, additionalData);
+                    cipher.init(cipherMode, key, params, random);
+                }
+                catch (Exception e)
+                {
+                    throw new IOException(e);
+                }
+//            }
         }
 
         /*

tls/src/main/jdk1.4/org/bouncycastle/tls/crypto/impl/jcajce/JceTlsECDomain.java

@@ -32,17 +32,13 @@ public class JceTlsECDomain
     implements TlsECDomain
 {
     protected final JcaTlsCrypto crypto;
-    protected final TlsECConfig ecConfig;
-
-
     protected ECNamedCurveGenParameterSpec ecGenSpec;
     protected ECParameterSpec ecParameterSpec;
     protected ECCurve ecCurve;
 
     public JceTlsECDomain(JcaTlsCrypto crypto, TlsECConfig ecConfig)
     {
         this.crypto = crypto;
-        this.ecConfig = ecConfig;
 
         init(ecConfig.getNamedGroup());
     }