Added table use obfuscation to AESFastEngine

JDK 1.4 compiler updates.
bcgit · Nov 29, 2016 · 8a73f08 · 8a73f08
1 parent 02417ce
commit 8a73f08
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 79 deletions.
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AESFastEngine.java
@@ -26,9 +26,11 @@
  * the contents of the first
  *
  * The slowest version uses no static tables at all and computes the values in each round
+ * </p>
  * <p>
- * This file contains the fast version with 8Kbytes of static tables for round precomputation
- *
+ * This file contains the fast version with 8Kbytes of static tables for round precomputation.
+ * </p>
+ * @deprecated unfortunately this class is has a few side channel issues. In an environment where encryption/decryption may be closely observed it should not be used.
  */
 public class AESFastEngine
     implements BlockCipher

diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/drbg/DRBG.java
@@ -1,6 +1,5 @@
 package org.bouncycastle.jcajce.provider.drbg;
 
-import java.lang.reflect.Constructor;
 import java.security.SecureRandom;
 import java.security.SecureRandomSpi;
 
@@ -22,22 +21,19 @@ public static class Default
         extends SecureRandomSpi
     {
         private SecureRandom random = new SP800SecureRandomBuilder(secureRandom, true)
-            .setPersonalizationString(generateDefaultPersonalizationString())
+            .setPersonalizationString(generateDefaultPersonalizationString(secureRandom))
             .buildHash(new SHA512Digest(), secureRandom.generateSeed(32), true);
 
-        @Override
         protected void engineSetSeed(byte[] bytes)
         {
             random.setSeed(bytes);
         }
 
-        @Override
         protected void engineNextBytes(byte[] bytes)
         {
             random.nextBytes(bytes);
         }
 
-        @Override
         protected byte[] engineGenerateSeed(int numBytes)
         {
             return secureRandom.generateSeed(numBytes);
@@ -48,22 +44,19 @@ public static class NonceAndIV
         extends SecureRandomSpi
     {
         private SecureRandom random = new SP800SecureRandomBuilder(secureRandom, true)
-            .setPersonalizationString(generateNonceIVPersonalizationString())
+            .setPersonalizationString(generateNonceIVPersonalizationString(secureRandom))
             .buildHash(new SHA512Digest(), secureRandom.generateSeed(32), false);
 
-        @Override
         protected void engineSetSeed(byte[] bytes)
         {
             random.setSeed(bytes);
         }
 
-        @Override
         protected void engineNextBytes(byte[] bytes)
         {
             random.nextBytes(bytes);
         }
 
-        @Override
         protected byte[] engineGenerateSeed(int numBytes)
         {
             return secureRandom.generateSeed(numBytes);
@@ -84,78 +77,15 @@ public void configure(ConfigurableProvider provider)
         }
     }
 
-    private static byte[] generateDefaultPersonalizationString()
+    private static byte[] generateDefaultPersonalizationString(SecureRandom random)
     {
-        return Arrays.concatenate(Strings.toByteArray("Default"), Strings.toUTF8ByteArray(getVIMID()),
+        return Arrays.concatenate(Strings.toByteArray("Default"), random.generateSeed(16),
             Pack.longToBigEndian(Thread.currentThread().getId()), Pack.longToBigEndian(System.currentTimeMillis()));
     }
 
-    private static byte[] generateNonceIVPersonalizationString()
+    private static byte[] generateNonceIVPersonalizationString(SecureRandom random)
     {
-        return Arrays.concatenate(Strings.toByteArray("Default"), Strings.toUTF8ByteArray(getVIMID()),
+        return Arrays.concatenate(Strings.toByteArray("Nonce"), random.generateSeed(16),
             Pack.longToLittleEndian(Thread.currentThread().getId()), Pack.longToLittleEndian(System.currentTimeMillis()));
     }
-
-    private static final Constructor vimIDConstructor;
-
-    static
-    {
-        Class vimIDClass = lookup("java.rmi.dgc.VMID");
-        if (vimIDClass != null)
-        {
-            vimIDConstructor = findConstructor(vimIDClass);
-        }
-        else
-        {
-            vimIDConstructor = null;
-        }
-    }
-
-    private static Class lookup(String className)
-    {
-        try
-        {
-            Class def = DRBG.class.getClassLoader().loadClass(className);
-
-            return def;
-        }
-        catch (Exception e)
-        {
-            return null;
-        }
-    }
-
-    private static Constructor findConstructor(Class clazz)
-    {
-        try
-        {
-            return clazz.getConstructor();
-        }
-        catch (Exception e)
-        {
-            return null;
-        }
-    }
-
-    static String getVIMID()
-    {
-        if (vimIDConstructor != null)
-        {
-            Object vimID = null;
-            try
-            {
-                vimID = vimIDConstructor.newInstance();
-            }
-            catch (Exception i)
-            {
-                // might happen, fall through if it does
-            }
-            if (vimID != null)
-            {
-                return vimID.toString();
-            }
-        }
-
-        return "No VIM ID"; // TODO: maybe there is a system property we can use here.
-    }
 }
diff --git a/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/prov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -184,7 +184,7 @@ public int doFinal(byte[] out, int outOff)
                 }
                 catch (InvalidCipherTextException e)
                 {
-                    throw new IllegalStateException("exception on doFinal()", e);
+                    throw new IllegalStateException("exception on doFinal(): " + e.toString());
                 }
             }