authorSergio Giro <sgiro@google.com>2016-03-31 17:16:27 +0100
committerSergio Giro <sgiro@google.com>2016-04-05 11:04:57 +0000
commit6ba5cb51e71a3b359d6bc5815f3d378336a51cb6 (patch)
tree3bba1ed80525dc6766c179fa49efc75dee3bb514 /bcprov/src/main/java/org/bouncycastle/jcajce/provider
parent7e9eddda2517732b58cc2f95f33ba668309ef0f7 (diff)
BaseBlockCipher: do not use PKCS12 for BCPBEKeys without IV
Also, for such keys, do not create a random IV nor throw an exception when decrypting, just assume the IV is 0. Bug: 27224566 Bug: 27994930 Bug: 27995180 Change-Id: I4d8dd44e7390199fc60797f9bd2c56174d8dfcba
Diffstat (limited to 'bcprov/src/main/java/org/bouncycastle/jcajce/provider')
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java46
1 files changed, 41 insertions, 5 deletions
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
index 9fdbafd1..fd9b9a9f 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/util/BaseBlockCipher.java
@@ -485,6 +485,14 @@ public class BaseBlockCipher
}
}
+ // BEGIN android-added
+ // TODO(27995180): This might need to be removed if we drop support for BCPBE keys without IV
+ // in PKCS12
+ private boolean isBCPBEKeyWithoutIV(Key key) {
+ return (key instanceof BCPBEKey) && !(((BCPBEKey)key).getParam() instanceof ParametersWithIV);
+ }
+ // END android-added
+
protected void engineInit(
int opmode,
Key key,
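Review bot: `isBCPBEKeyWithoutIV` has no doc comment saying what counts as "without IV", and as written it also returns true when `getParam()` returns null, because `null instanceof ParametersWithIV` is false. The later hunks in this commit all branch on this helper, so the null case should be stated rather than left implicit. I would add a Javadoc along the lines of `/** True for a BCPBEKey whose getParam() is not a ParametersWithIV, including a null parameter. */`. The method reads no instance state, so it could also be declared `private static`.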
@@ -518,7 +526,12 @@ public class BaseBlockCipher
//
// a note on iv's - if ivLength is zero the IV gets ignored (we don't use it).
//
- if (scheme == PKCS12 || key instanceof PKCS12Key)
+ // BEGIN android-changed
+ // Was: if (scheme == PKCS12 || key instanceof PKCS12Key)
+ // If the key is a BCPBE one without an IV, ignore the fact that the scheme is PKCS12.
+ // TODO(27995180): consider whether we want to keep support for these keys and PKCS12.
+ if ((scheme == PKCS12 || key instanceof PKCS12Key) && !isBCPBEKeyWithoutIV(key))
+ // END android-changed
{
SecretKey k;
try
@@ -566,7 +579,13 @@ public class BaseBlockCipher
}
else
{
- param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
+ // BEGIN android-changed
+ // Was: param = PBE.Util.makePBEParameters(k.getEncoded(), PKCS12, digest, keySizeInBits, ivLength * 8, pbeSpec, cipher.getAlgorithmName());
+ // TODO(27995180): consider rejecting such keys for PKCS12
+ // See above for the android-changed with a TODO for the same bug that makes
+ // this code unreachable.
+ // END android-changed
+ throw new IllegalStateException("Unreachable code");
}
}
else
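Review bot: The new `throw new IllegalStateException("Unreachable code")` is only unreachable because of the guard added to the PKCS12 condition earlier in this commit, and nothing in this branch ties the two together. If that guard or `isBCPBEKeyWithoutIV` is changed later, an unsupported key would surface as an unchecked exception that callers handling key errors will not catch. Assuming this branch is still inside `engineInit` (its start is outside the hunk), I would report it as a key problem instead, e.g. `throw new InvalidKeyException("BCPBEKey without IV is not supported for PKCS12");`.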
@@ -814,18 +833,35 @@ public class BaseBlockCipher
{
ivRandom = new SecureRandom();
}
-
if ((opmode == Cipher.ENCRYPT_MODE) || (opmode == Cipher.WRAP_MODE))
{
byte[] iv = new byte[ivLength];
- ivRandom.nextBytes(iv);
+ // BEGIN android-changed
+ // Was: ivRandom.nextBytes(iv);
+ // TODO(27995180): for such keys, consider whether we want to reject them or
+ // allow them if the IV is passed in the parameters
+ if (!isBCPBEKeyWithoutIV(key)) {
+ ivRandom.nextBytes(iv);
+ }
+ // END android-changed
param = new ParametersWithIV(param, iv);
ivParam = (ParametersWithIV)param;
}
else if (cipher.getUnderlyingCipher().getAlgorithmName().indexOf("PGPCFB") < 0)
{
- throw new InvalidAlgorithmParameterException("no IV set when one expected");
+ // BEGIN android-changed
+ // Was: throw new InvalidAlgorithmParameterException("no IV set when one expected");
+ // TODO(27995180): for such keys, consider whether we want to reject them or
+ // allow them if the IV is passed in the parameters
+ if (!isBCPBEKeyWithoutIV(key)) {
+ throw new InvalidAlgorithmParameterException("no IV set when one expected");
+ } else {
+ // Mimic behaviour in 1.52 by using an IV of 0's
+ param = new ParametersWithIV(param, new byte[ivLength]);
+ ivParam = (ParametersWithIV)param;
+ }
+ // END android-changed
}
}
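Review bot: In the ENCRYPT_MODE/WRAP_MODE branch, `iv` now stays all-zero for BCPBE keys without an IV, so every encryption under the same key uses the same IV. The TODO only talks about rejecting such keys and does not record this. A fixed IV makes the output deterministic: in CBC, equal plaintext prefixes give equal ciphertext prefixes, and in stream-like modes the keystream repeats. If compatibility with 1.52 only needs existing data to stay readable, consider limiting the zero-IV fallback to the decrypt branch and keeping `ivRandom.nextBytes(iv)` unconditional here. Otherwise state the trade-off at the skip, e.g. `// Legacy 1.52 behaviour: IV is left all-zero for BCPBE keys without IV; deterministic, not for new data`. The enclosing block begins outside the hunk, so which cipher modes reach this path is not visible here.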