Support AES-GCM encryption

DEVSIX-8493

Author: AnhelinaM

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/BouncyCastleFactory.java

@@ -114,6 +114,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilderBC;
 import com.itextpdf.bouncycastle.cms.jcajce.JceKeyAgreeEnvelopedRecipientBC;
 import com.itextpdf.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipientBC;
+import com.itextpdf.bouncycastle.crypto.modes.GCMBlockCipherBC;
 import com.itextpdf.bouncycastle.openssl.PEMParserBC;
 import com.itextpdf.bouncycastle.openssl.jcajce.JcaPEMKeyConverterBC;
 import com.itextpdf.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilderBC;
@@ -221,6 +222,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJcaSimpleSignerInfoVerifierBuilder;
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJceKeyAgreeEnvelopedRecipient;
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJceKeyTransEnvelopedRecipient;
+import com.itextpdf.commons.bouncycastle.crypto.modes.IGCMBlockCipher;
 import com.itextpdf.commons.bouncycastle.openssl.IPEMParser;
 import com.itextpdf.commons.bouncycastle.openssl.jcajce.IJcaPEMKeyConverter;
 import com.itextpdf.commons.bouncycastle.openssl.jcajce.IJceOpenSSLPKCS8DecryptorProviderBuilder;
@@ -320,6 +322,8 @@ This file is part of the iText (R) project.
 import org.bouncycastle.crypto.digests.SHA256Digest;
 import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
 import org.bouncycastle.crypto.params.HKDFParameters;
+import org.bouncycastle.crypto.engines.AESEngine;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
@@ -1893,4 +1897,13 @@ public byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws
         cipher.init(Cipher.WRAP_MODE, new SecretKeySpec(kek, "AESWrap"));
         return cipher.wrap(new SecretKeySpec(key, "AESWrap"));
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IGCMBlockCipher createGCMBlockCipher() {
+        GCMBlockCipher cipher = (GCMBlockCipher) GCMBlockCipher.newInstance(AESEngine.newInstance());
+        return new GCMBlockCipherBC(cipher);
+    }
 }

bouncy-castle-adapter/src/main/java/com/itextpdf/bouncycastle/crypto/modes/GCMBlockCipherBC.java

@@ -0,0 +1,132 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2024 Apryse Group NV
+    Authors: Apryse Software.
+
+    This program is offered under a commercial and under the AGPL license.
+    For commercial licensing, contact us at https://itextpdf.com/sales.  For AGPL licensing, see below.
+
+    AGPL licensing:
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU Affero General Public License for more details.
+
+    You should have received a copy of the GNU Affero General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package com.itextpdf.bouncycastle.crypto.modes;
+
+import com.itextpdf.commons.bouncycastle.crypto.modes.IGCMBlockCipher;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.modes.GCMBlockCipher;
+import org.bouncycastle.crypto.params.AEADParameters;
+import org.bouncycastle.crypto.params.KeyParameter;
+
+import java.util.Objects;
+
+/**
+ * This class provides the functionality of a cryptographic cipher of aes-gcm for encryption and decryption via
+ * wrapping the corresponding {@code GCMBlockCipher} class from bouncy-castle.
+ */
+public class GCMBlockCipherBC implements IGCMBlockCipher {
+    private final GCMBlockCipher cipher;
+
+    /**
+     * Creates new wrapper for {@link GCMBlockCipher} aes-gcm block cipher class.
+     *
+     * @param cipher bouncy-castle class to wrap
+     */
+    public GCMBlockCipherBC(GCMBlockCipher cipher) {
+        this.cipher = cipher;
+    }
+
+    /**
+     * Gets actual org.bouncycastle object being wrapped.
+     *
+     * @return wrapped {@link GCMBlockCipher}
+     */
+    public GCMBlockCipher getCipher() {
+        return cipher;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void init(boolean forEncryption, byte[] key, int macSizeBits, byte[] iv) {
+        cipher.init(forEncryption, new AEADParameters(new KeyParameter(key), macSizeBits, iv));
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getUpdateOutputSize(int len) {
+        return cipher.getUpdateOutputSize(len);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void processBytes(byte[] input, int inputOffset, int len, byte[] output, int outOffset) {
+        cipher.processBytes(input, inputOffset, len, output, outOffset);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int getOutputSize(int len) {
+        return cipher.getOutputSize(len);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public void doFinal(byte[] plainText, int i) {
+        try {
+            cipher.doFinal(plainText, i);
+        } catch (InvalidCipherTextException e) {
+            throw new IllegalArgumentException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        GCMBlockCipherBC that = (GCMBlockCipherBC) o;
+        return Objects.equals(cipher, that.cipher);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public int hashCode() {
+        return Objects.hash(cipher);
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public String toString() {
+        return cipher.toString();
+    }
+}

bouncy-castle-connector/src/main/java/com/itextpdf/bouncycastleconnector/BouncyCastleDefaultFactory.java

@@ -117,6 +117,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJcaSimpleSignerInfoVerifierBuilder;
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJceKeyAgreeEnvelopedRecipient;
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJceKeyTransEnvelopedRecipient;
+import com.itextpdf.commons.bouncycastle.crypto.modes.IGCMBlockCipher;
 import com.itextpdf.commons.bouncycastle.openssl.IPEMParser;
 import com.itextpdf.commons.bouncycastle.openssl.jcajce.IJcaPEMKeyConverter;
 import com.itextpdf.commons.bouncycastle.openssl.jcajce.IJceOpenSSLPKCS8DecryptorProviderBuilder;
@@ -1007,4 +1008,9 @@ public byte[] generateHMACSHA256Token(byte[] key, byte[] data) {
     public byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) {
         throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
     }
+
+    @Override
+    public IGCMBlockCipher createGCMBlockCipher() {
+        throw new UnsupportedOperationException(BouncyCastleLogMessageConstant.BOUNCY_CASTLE_DEPENDENCY_MUST_PRESENT);
+    }
 }

bouncy-castle-fips-adapter/src/main/java/com/itextpdf/bouncycastlefips/BouncyCastleFipsFactory.java

@@ -115,6 +115,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.bouncycastlefips.cms.jcajce.JceKeyAgreeEnvelopedRecipientBCFips;
 import com.itextpdf.bouncycastlefips.cms.jcajce.JceKeyTransEnvelopedRecipientBCFips;
 import com.itextpdf.bouncycastlefips.crypto.fips.FipsUnapprovedOperationErrorBCFips;
+import com.itextpdf.bouncycastlefips.crypto.modes.GCMBlockCipherBCFips;
 import com.itextpdf.bouncycastlefips.openssl.PEMParserBCFips;
 import com.itextpdf.bouncycastlefips.openssl.jcajce.JcaPEMKeyConverterBCFips;
 import com.itextpdf.bouncycastlefips.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilderBCFips;
@@ -222,6 +223,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJcaSimpleSignerInfoVerifierBuilder;
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJceKeyAgreeEnvelopedRecipient;
 import com.itextpdf.commons.bouncycastle.cms.jcajce.IJceKeyTransEnvelopedRecipient;
+import com.itextpdf.commons.bouncycastle.crypto.modes.IGCMBlockCipher;
 import com.itextpdf.commons.bouncycastle.openssl.IPEMParser;
 import com.itextpdf.commons.bouncycastle.openssl.jcajce.IJcaPEMKeyConverter;
 import com.itextpdf.commons.bouncycastle.openssl.jcajce.IJceOpenSSLPKCS8DecryptorProviderBuilder;
@@ -245,6 +247,7 @@ This file is part of the iText (R) project.
 import java.io.Reader;
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
+import java.security.NoSuchProviderException;
 import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
@@ -259,6 +262,7 @@ This file is part of the iText (R) project.
 import java.util.List;
 import java.util.Set;
 import javax.crypto.Cipher;
+import javax.crypto.NoSuchPaddingException;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
 import org.bouncycastle.asn1.ASN1BitString;
@@ -871,7 +875,7 @@ public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algo
      */
     @Override
     public IAlgorithmIdentifier createAlgorithmIdentifier(IASN1ObjectIdentifier algorithm,
-            IASN1Encodable parameters) {
+                                                          IASN1Encodable parameters) {
         ASN1ObjectIdentifierBCFips algorithmBCFips = (ASN1ObjectIdentifierBCFips) algorithm;
         ASN1EncodableBCFips encodableBCFips = (ASN1EncodableBCFips) parameters;
         return new AlgorithmIdentifierBCFips(
@@ -976,8 +980,8 @@ public IJcaDigestCalculatorProviderBuilder createJcaDigestCalculatorProviderBuil
      */
     @Override
     public ICertificateID createCertificateID(IDigestCalculator digestCalculator,
-            IX509CertificateHolder certificateHolder,
-            BigInteger bigInteger) throws OCSPExceptionBCFips {
+                                              IX509CertificateHolder certificateHolder,
+                                              BigInteger bigInteger) throws OCSPExceptionBCFips {
         return new CertificateIDBCFips(digestCalculator, certificateHolder, bigInteger);
     }
 
@@ -1011,7 +1015,7 @@ public IJcaX509CertificateHolder createJcaX509CertificateHolder(X509Certificate
      */
     @Override
     public IExtension createExtension(IASN1ObjectIdentifier objectIdentifier,
-            boolean critical, IASN1OctetString octetString) {
+                                      boolean critical, IASN1OctetString octetString) {
         return new ExtensionBCFips(new Extension(((ASN1ObjectIdentifierBCFips) objectIdentifier)
                 .getASN1ObjectIdentifier(), critical, ((ASN1OctetStringBCFips) octetString).getOctetString()));
     }
@@ -1065,7 +1069,7 @@ public IOCSPReqBuilder createOCSPReqBuilder() {
      */
     @Override
     public ISigPolicyQualifierInfo createSigPolicyQualifierInfo(IASN1ObjectIdentifier objectIdentifier,
-            IDERIA5String string) {
+                                                                IDERIA5String string) {
         return new SigPolicyQualifierInfoBCFips(objectIdentifier, string);
     }
 
@@ -1138,7 +1142,7 @@ public IOCSPResponse createOCSPResponse(IOCSPResponseStatus respStatus, IRespons
      */
     @Override
     public IResponseBytes createResponseBytes(IASN1ObjectIdentifier asn1ObjectIdentifier,
-            IDEROctetString derOctetString) {
+                                              IDEROctetString derOctetString) {
         return new ResponseBytesBCFips(asn1ObjectIdentifier, derOctetString);
     }
 
@@ -1274,7 +1278,7 @@ public IDistributionPointName createDistributionPointName() {
     @Override
     public IDistributionPointName createDistributionPointName(IGeneralNames generalNames) {
         return new DistributionPointNameBCFips(
-                new DistributionPointName(((GeneralNamesBCFips)generalNames).getGeneralNames()));
+                new DistributionPointName(((GeneralNamesBCFips) generalNames).getGeneralNames()));
     }
 
     /**
@@ -1302,7 +1306,7 @@ public IGeneralName createGeneralName() {
      */
     @Override
     public IOtherHashAlgAndValue createOtherHashAlgAndValue(IAlgorithmIdentifier algorithmIdentifier,
-            IASN1OctetString octetString) {
+                                                            IASN1OctetString octetString) {
         return new OtherHashAlgAndValueBCFips(algorithmIdentifier, octetString);
     }
 
@@ -1311,7 +1315,7 @@ public IOtherHashAlgAndValue createOtherHashAlgAndValue(IAlgorithmIdentifier alg
      */
     @Override
     public ISignaturePolicyId createSignaturePolicyId(IASN1ObjectIdentifier objectIdentifier,
-            IOtherHashAlgAndValue algAndValue) {
+                                                      IOtherHashAlgAndValue algAndValue) {
         return new SignaturePolicyIdBCFips(objectIdentifier, algAndValue);
     }
 
@@ -1320,8 +1324,8 @@ public ISignaturePolicyId createSignaturePolicyId(IASN1ObjectIdentifier objectId
      */
     @Override
     public ISignaturePolicyId createSignaturePolicyId(IASN1ObjectIdentifier objectIdentifier,
-            IOtherHashAlgAndValue algAndValue,
-            ISigPolicyQualifierInfo... policyQualifiers) {
+                                                      IOtherHashAlgAndValue algAndValue,
+                                                      ISigPolicyQualifierInfo... policyQualifiers) {
         SigPolicyQualifierInfo[] qualifierInfos = new SigPolicyQualifierInfo[policyQualifiers.length];
         for (int i = 0; i < qualifierInfos.length; ++i) {
             qualifierInfos[i] = ((SigPolicyQualifierInfoBCFips) policyQualifiers[i]).getQualifierInfo();
@@ -1342,7 +1346,7 @@ public ISignaturePolicyIdentifier createSignaturePolicyIdentifier(ISignaturePoli
      */
     @Override
     public IEnvelopedData createEnvelopedData(IOriginatorInfo originatorInfo, IASN1Set set,
-            IEncryptedContentInfo encryptedContentInfo, IASN1Set set1) {
+                                              IEncryptedContentInfo encryptedContentInfo, IASN1Set set1) {
         return new EnvelopedDataBCFips(originatorInfo, set, encryptedContentInfo, set1);
     }
 
@@ -1359,7 +1363,7 @@ public IRecipientInfo createRecipientInfo(IKeyTransRecipientInfo keyTransRecipie
      */
     @Override
     public IEncryptedContentInfo createEncryptedContentInfo(IASN1ObjectIdentifier data,
-            IAlgorithmIdentifier algorithmIdentifier, IASN1OctetString octetString) {
+                                                            IAlgorithmIdentifier algorithmIdentifier, IASN1OctetString octetString) {
         return new EncryptedContentInfoBCFips(data, algorithmIdentifier, octetString);
     }
 
@@ -1400,7 +1404,7 @@ public IRecipientIdentifier createRecipientIdentifier(IIssuerAndSerialNumber iss
      */
     @Override
     public IKeyTransRecipientInfo createKeyTransRecipientInfo(IRecipientIdentifier recipientIdentifier,
-            IAlgorithmIdentifier algorithmIdentifier, IASN1OctetString octetString) {
+                                                              IAlgorithmIdentifier algorithmIdentifier, IASN1OctetString octetString) {
         return new KeyTransRecipientInfoBCFips(recipientIdentifier, algorithmIdentifier, octetString);
     }
 
@@ -1525,7 +1529,7 @@ public IJcaCertStore createJcaCertStore(List<Certificate> certificates) throws C
      */
     @Override
     public ITimeStampResponseGenerator createTimeStampResponseGenerator(ITimeStampTokenGenerator tokenGenerator,
-            Set<String> algorithms) {
+                                                                        Set<String> algorithms) {
         return new TimeStampResponseGeneratorBCFips(tokenGenerator, algorithms);
     }
 
@@ -1559,7 +1563,7 @@ public IJcaSignerInfoGeneratorBuilder createJcaSignerInfoGeneratorBuilder(
      */
     @Override
     public ITimeStampTokenGenerator createTimeStampTokenGenerator(ISignerInfoGenerator siGen, IDigestCalculator dgCalc,
-            IASN1ObjectIdentifier policy) throws TSPExceptionBCFips {
+                                                                  IASN1ObjectIdentifier policy) throws TSPExceptionBCFips {
         return new TimeStampTokenGeneratorBCFips(siGen, dgCalc, policy);
     }
 
@@ -1625,7 +1629,7 @@ public IX509v2CRLBuilder createX509v2CRLBuilder(IX500Name x500Name, Date date) {
      */
     @Override
     public IJcaX509v3CertificateBuilder createJcaX509v3CertificateBuilder(X509Certificate signingCert,
-            BigInteger certSerialNumber, Date startDate, Date endDate, IX500Name subjectDnName, PublicKey publicKey) {
+                                                                          BigInteger certSerialNumber, Date startDate, Date endDate, IX500Name subjectDnName, PublicKey publicKey) {
         return new JcaX509v3CertificateBuilderBCFips(signingCert, certSerialNumber, startDate, endDate, subjectDnName,
                 publicKey);
     }
@@ -1847,7 +1851,7 @@ public boolean isInApprovedOnlyMode() {
      */
     @Override
     public byte[] createCipherBytes(X509Certificate x509certificate, byte[] abyte0,
-            IAlgorithmIdentifier algorithmIdentifier)
+                                    IAlgorithmIdentifier algorithmIdentifier)
             throws GeneralSecurityException {
         Cipher cipher;
         try {
@@ -1898,4 +1902,18 @@ public byte[] generateEncryptedKeyWithAES256NoPad(byte[] key, byte[] kek) throws
         cipher.init(Cipher.WRAP_MODE, new SecretKeySpec(kek, "AESWrap"));
         return cipher.wrap(new SecretKeySpec(key, "AESWrap"));
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    @Override
+    public IGCMBlockCipher createGCMBlockCipher() {
+        Cipher cipher = null;
+        try {
+            cipher = Cipher.getInstance("AES/GCM/NoPadding", getProviderName());
+        } catch (NoSuchAlgorithmException | NoSuchProviderException | NoSuchPaddingException e) {
+            // Ignore.
+        }
+        return new GCMBlockCipherBCFips(cipher);
+    }
 }