Merge branch 'main' into 1958-aead-parameters

Author: gefeili

tls/src/main/java/org/bouncycastle/tls/NamedGroup.java

@@ -117,7 +117,7 @@ public class NamedGroup
     public static final int MLKEM1024 = 0x1024;
 
     /* Names of the actual underlying elliptic curves (not necessarily matching the NamedGroup names). */
-    private static final String[] CURVE_NAMES = new String[] { "sect163k1", "sect163r1", "sect163r2", "sect193r1",
+    private static final String[] CURVE_NAMES = new String[]{ "sect163k1", "sect163r1", "sect163r2", "sect193r1",
         "sect193r2", "sect233k1", "sect233r1", "sect239k1", "sect283k1", "sect283r1", "sect409k1", "sect409r1",
         "sect571k1", "sect571r1", "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "secp224k1",
         "secp224r1", "secp256k1", "secp256r1", "secp384r1", "secp521r1", "brainpoolP256r1", "brainpoolP384r1",
@@ -126,7 +126,7 @@ public class NamedGroup
         "GostR3410-2001-CryptoPro-C", "Tc26-Gost-3410-12-512-paramSetA", "Tc26-Gost-3410-12-512-paramSetB",
         "Tc26-Gost-3410-12-512-paramSetC", "sm2p256v1" };
 
-    private static final String[] FINITE_FIELD_NAMES = new String[] { "ffdhe2048", "ffdhe3072", "ffdhe4096",
+    private static final String[] FINITE_FIELD_NAMES = new String[]{ "ffdhe2048", "ffdhe3072", "ffdhe4096",
         "ffdhe6144", "ffdhe8192" };
 
     public static boolean canBeNegotiated(int namedGroup, ProtocolVersion version)

tls/src/main/java/org/bouncycastle/tls/SimulatedTlsSRPIdentityManager.java

@@ -36,7 +36,7 @@ public static SimulatedTlsSRPIdentityManager getRFC5054Default(TlsCrypto crypto,
 
         TlsSRPConfig srpConfig = new TlsSRPConfig();
 
-        srpConfig.setExplicitNG(new BigInteger[] { group.getN(), group.getG() });
+        srpConfig.setExplicitNG(new BigInteger[]{ group.getN(), group.getG() });
 
         return new SimulatedTlsSRPIdentityManager(group, crypto.createSRP6VerifierGenerator(srpConfig), mac);
     }

tls/src/main/java/org/bouncycastle/tls/TlsDHUtils.java

@@ -101,7 +101,7 @@ public static int getNamedGroupForDHParameters(BigInteger p, BigInteger g)
 
     public static DHGroup getStandardGroupForDHParameters(BigInteger p, BigInteger g)
     {
-        DHGroup[] standardGroups = new DHGroup[] { DHStandardGroups.rfc7919_ffdhe2048,
+        DHGroup[] standardGroups = new DHGroup[]{ DHStandardGroups.rfc7919_ffdhe2048,
             DHStandardGroups.rfc7919_ffdhe3072, DHStandardGroups.rfc7919_ffdhe4096, DHStandardGroups.rfc7919_ffdhe6144,
             DHStandardGroups.rfc7919_ffdhe8192, DHStandardGroups.rfc3526_1536, DHStandardGroups.rfc3526_2048,
             DHStandardGroups.rfc3526_3072, DHStandardGroups.rfc3526_4096, DHStandardGroups.rfc3526_6144,

tls/src/main/java/org/bouncycastle/tls/crypto/impl/AEADNonceGenerator.java

@@ -1,9 +1,8 @@
 package org.bouncycastle.tls.crypto.impl;
 
-import org.bouncycastle.tls.TlsFatalAlert;
+import java.io.IOException;
 
 public interface AEADNonceGenerator
 {
-    public void generateNonce(byte[] nonce)
-        throws TlsFatalAlert;
+    public void generateNonce(byte[] nonce) throws IOException;
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/AEADNonceGeneratorFactory.java

@@ -1,7 +1,5 @@
 package org.bouncycastle.tls.crypto.impl;
 
-import org.bouncycastle.tls.crypto.TlsNonceGenerator;
-
 public interface AEADNonceGeneratorFactory
 {
     AEADNonceGenerator create(byte[] baseNonce, int counterSizeInBits);

tls/src/main/java/org/bouncycastle/tls/crypto/impl/GcmTls12NonceGeneratorUtil.java

@@ -1,26 +1,21 @@
 package org.bouncycastle.tls.crypto.impl;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
-final public class GcmTls12NonceGeneratorUtil
+public final class GcmTls12NonceGeneratorUtil
 {
-    private static AEADNonceGeneratorFactory tlsNonceGeneratorFactory = null;
+    private static volatile AEADNonceGeneratorFactory globalFactory = null;
 
-    public static void setGcmTlsNonceGeneratorFactory(final AEADNonceGeneratorFactory factory)
+    public static void setGcmTlsNonceGeneratorFactory(AEADNonceGeneratorFactory factory)
     {
-        tlsNonceGeneratorFactory = factory;
+        globalFactory = factory;
     }
 
     public static boolean isGcmFipsNonceGeneratorFactorySet()
     {
-        return tlsNonceGeneratorFactory != null;
+        return globalFactory != null;
     }
 
-    public static AEADNonceGenerator createGcmFipsNonceGenerator(final byte[] baseNonce, final int counterSizeInBits)
+    public static AEADNonceGenerator createGcmFipsNonceGenerator(byte[] baseNonce, int counterSizeInBits)
     {
-        return tlsNonceGeneratorFactory != null
-                ? tlsNonceGeneratorFactory.create(baseNonce, counterSizeInBits)
-                : null;
+        return globalFactory == null ? null : globalFactory.create(baseNonce, counterSizeInBits);
     }
 }

tls/src/main/java/org/bouncycastle/tls/crypto/impl/TlsAEADCipher.java

@@ -13,7 +13,6 @@
 import org.bouncycastle.tls.crypto.TlsCryptoUtils;
 import org.bouncycastle.tls.crypto.TlsDecodeResult;
 import org.bouncycastle.tls.crypto.TlsEncodeResult;
-import org.bouncycastle.tls.crypto.TlsNonceGenerator;
 import org.bouncycastle.tls.crypto.TlsSecret;
 import org.bouncycastle.util.Arrays;
 
@@ -31,7 +30,7 @@ public final class TlsAEADCipher
     private static final int NONCE_RFC7905 = 2;
     private static final long SEQUENCE_NUMBER_PLACEHOLDER = -1L;
 
-    private static final byte[] EPOCH_1 = {0x00, 0x01};
+    private static final byte[] EPOCH_1 = { 0x00, 0x01 };
 
     private final TlsCryptoParameters cryptoParams;
     private final int keySize;
@@ -129,9 +128,9 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
 
         if (AEAD_GCM == aeadType && GcmTls12NonceGeneratorUtil.isGcmFipsNonceGeneratorFactorySet())
         {
-            final int nonceLength = fixed_iv_length + record_iv_length;
-            final byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
-            final int counterSizeInBits;
+            int nonceLength = fixed_iv_length + record_iv_length;
+            byte[] baseNonce = Arrays.copyOf(encryptNonce, nonceLength);
+            int counterSizeInBits;
             if (negotiatedVersion.isDTLS())
             {
                 counterSizeInBits = (record_iv_length - 2) * 8; // 48
@@ -142,7 +141,8 @@ public TlsAEADCipher(TlsCryptoParameters cryptoParams, TlsAEADCipherImpl encrypt
             {
                 counterSizeInBits = record_iv_length * 8; // 64
             }
-            gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce, counterSizeInBits);
+            gcmFipsNonceGenerator = GcmTls12NonceGeneratorUtil.createGcmFipsNonceGenerator(baseNonce,
+                counterSizeInBits);
         }
         else
         {
@@ -181,8 +181,7 @@ public int getPlaintextEncodeLimit(int ciphertextLimit)
     public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVersion recordVersion,
         int headerAllocation, byte[] plaintext, int plaintextOffset, int plaintextLength) throws IOException
     {
-        final int nonceSize = encryptNonce.length + record_iv_length;
-        final byte[] nonce = new byte[nonceSize];
+        byte[] nonce = new byte[encryptNonce.length + record_iv_length];
 
         if (null != gcmFipsNonceGenerator)
         {
@@ -192,20 +191,20 @@ public TlsEncodeResult encodePlaintext(long seqNo, short contentType, ProtocolVe
         {
             switch (nonceMode)
             {
-                case NONCE_RFC5288:
-                    System.arraycopy(encryptNonce, 0, nonce, 0, encryptNonce.length);
-                    // RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
-                    TlsUtils.writeUint64(seqNo, nonce, encryptNonce.length);
-                    break;
-                case NONCE_RFC7905:
-                    TlsUtils.writeUint64(seqNo, nonce, nonce.length - 8);
-                    for (int i = 0; i < encryptNonce.length; ++i)
-                    {
-                        nonce[i] ^= encryptNonce[i];
-                    }
-                    break;
-                default:
-                    throw new TlsFatalAlert(AlertDescription.internal_error);
+            case NONCE_RFC5288:
+                System.arraycopy(encryptNonce, 0, nonce, 0, encryptNonce.length);
+                // RFC 5288/6655: The nonce_explicit MAY be the 64-bit sequence number.
+                TlsUtils.writeUint64(seqNo, nonce, encryptNonce.length);
+                break;
+            case NONCE_RFC7905:
+                TlsUtils.writeUint64(seqNo, nonce, nonce.length - 8);
+                for (int i = 0; i < encryptNonce.length; ++i)
+                {
+                    nonce[i] ^= encryptNonce[i];
+                }
+                break;
+            default:
+                throw new TlsFatalAlert(AlertDescription.internal_error);
             }
         }
 

tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/srp/SRP6Util.java

@@ -8,7 +8,7 @@
 
 class SRP6Util
 {
-    private static final byte[] colon = new byte[] { (byte)':' };
+    private static final byte[] COLON = new byte[]{ (byte)':' };
 
     private static BigInteger ZERO = BigInteger.valueOf(0);
     private static BigInteger ONE = BigInteger.valueOf(1);
@@ -26,7 +26,7 @@ public static BigInteger calculateU(TlsHash digest, BigInteger N, BigInteger A,
     public static BigInteger calculateX(TlsHash digest, BigInteger N, byte[] salt, byte[] identity, byte[] password)
     {
         digest.update(identity, 0, identity.length);
-        digest.update(colon, 0, 1);
+        digest.update(COLON, 0, 1);
         digest.update(password, 0, password.length);
 
         byte[] output = digest.calculateHash();

tls/src/test/java/org/bouncycastle/jsse/provider/test/ECDSACredentialsTest.java

@@ -126,10 +126,10 @@ private void implTestECDSACredentials(int port, String protocol, int namedGroup)
         X509Certificate caCert = TestUtils.generateRootCert(caKeyPair);
 
         KeyStore serverKs = createKeyStore();
-        serverKs.setKeyEntry("server", caKeyPair.getPrivate(), keyPass, new X509Certificate[] { caCert });
+        serverKs.setKeyEntry("server", caKeyPair.getPrivate(), keyPass, new X509Certificate[]{ caCert });
 
         KeyStore clientKs = createKeyStore();
-        clientKs.setKeyEntry("client", caKeyPair.getPrivate(), keyPass, new X509Certificate[] { caCert });
+        clientKs.setKeyEntry("client", caKeyPair.getPrivate(), keyPass, new X509Certificate[]{ caCert });
 
         TestProtocolUtil.runClientAndServer(new ECDSAServer(port, protocol, serverKs, keyPass, caCert),
             new ECDSAClient(port, protocol, clientKs, keyPass, caCert));

tls/src/test/java/org/bouncycastle/jsse/provider/test/KeyManagerFactoryTest.java

@@ -199,7 +199,7 @@ private KeyStore getEcKeyStore(boolean agreement)
 
         ks.load(null, PASSWORD);
 
-        ks.setKeyEntry("test", ePair.getPrivate(), PASSWORD, new Certificate[] { eCert, iCert });
+        ks.setKeyEntry("test", ePair.getPrivate(), PASSWORD, new Certificate[]{ eCert, iCert });
 
         ks.setCertificateEntry("root", rCert);
 
@@ -230,7 +230,7 @@ private KeyStore getRsaKeyStore(boolean encryption)
 
         ks.load(null, PASSWORD);
 
-        ks.setKeyEntry("test", ePair.getPrivate(), PASSWORD, new Certificate[] { eCert, iCert });
+        ks.setKeyEntry("test", ePair.getPrivate(), PASSWORD, new Certificate[]{ eCert, iCert });
 
         ks.setCertificateEntry("root", rCert);
 
@@ -248,14 +248,14 @@ private void implTestKeyManager(BCX509ExtendedKeyManager manager, String keyType
         BCX509Key key = manager.chooseServerKeyBC(new String[]{ keyType }, null, null);
         assertNotNull(key);
 
-        alias = manager.chooseServerAlias(keyType, new Principal[] { new X500Principal("CN=TLS Test") }, null);
+        alias = manager.chooseServerAlias(keyType, new Principal[]{ new X500Principal("CN=TLS Test") }, null);
         assertNull(alias);
 
-        key = manager.chooseServerKeyBC(new String[]{ keyType }, new Principal[] { new X500Principal("CN=TLS Test") },
+        key = manager.chooseServerKeyBC(new String[]{ keyType }, new Principal[]{ new X500Principal("CN=TLS Test") },
             null);
         assertNull(key);
 
-        alias = manager.chooseServerAlias(keyType, new Principal[] { new X500Principal("CN=TLS Test CA") }, null);
+        alias = manager.chooseServerAlias(keyType, new Principal[]{ new X500Principal("CN=TLS Test CA") }, null);
         assertNotNull(alias);
         assertNotNull(manager.getCertificateChain(alias));
         assertNotNull(manager.getPrivateKey(alias));