clean up legacy code, simplify API

Author: overheadhunter

src/main/java/org/cryptomator/siv/CMac.java

@@ -24,14 +24,6 @@ class CMac extends MacSpi {
 	private static final String AES_ALGORITHM = "AES";
 	private static final String AES_ECB_NO_PADDING = "AES/ECB/NoPadding";
 
-	private static final ThreadLocal<Cipher> AES = ThreadLocals.withInitial(() -> {
-		try {
-			return Cipher.getInstance(AES_ECB_NO_PADDING);
-		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-			throw new AssertionError("Every implementation of the Java platform is required to support [...] AES/ECB/NoPadding", e);
-		}
-	});
-
 	// MAC keys:
 	private Cipher cipher;
 	private byte[] k1;
@@ -40,8 +32,8 @@ class CMac extends MacSpi {
 	// MAC state:
 	private final byte[] buffer = new byte[BLOCK_SIZE];
 	private int bufferPos = 0;
-	private byte[] x = new byte[BLOCK_SIZE]; // X := const_Zero;
-	private byte[] y = new byte[BLOCK_SIZE];
+	private final byte[] x = new byte[BLOCK_SIZE]; // X := const_Zero;
+	private final byte[] y = new byte[BLOCK_SIZE];
 	private int msgLen = 0;
 
 	@Override
@@ -51,12 +43,11 @@ protected int engineGetMacLength() {
 
 	@Override
 	protected void engineInit(Key key, AlgorithmParameterSpec params) throws InvalidKeyException {
-		this.cipher = AES.get();
-//		try {
-//			this.cipher = Cipher.getInstance(AES_ECB_NO_PADDING);
-//		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
-//			throw new AssertionError("Every implementation of the Java platform is required to support [...] AES/ECB/NoPadding", e);
-//		}
+		try {
+			this.cipher = Cipher.getInstance(AES_ECB_NO_PADDING);
+		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
+			throw new AssertionError("Every implementation of the Java platform is required to support [...] AES/ECB/NoPadding", e);
+		}
 		cipher.init(Cipher.ENCRYPT_MODE, key);
 
 		// init subkeys K1 and K2
@@ -150,7 +141,6 @@ protected void engineReset() {
 		Arrays.fill(y, (byte) 0);
 	}
 
-	// TODO make instance method, remove cipher param?
 	private static void encryptBlock(Cipher cipher, byte[] block, byte[] output) {
 		try {
 			cipher.doFinal(block, 0, BLOCK_SIZE, output);

src/main/java/org/cryptomator/siv/JceAesCtrComputer.java

@@ -2,7 +2,7 @@
  * Java implementation of RFC 5297 SIV Authenticated Encryption.
  * <p>
  * Use an instance of the {@link org.cryptomator.siv.SivMode} class to
- * {@link org.cryptomator.siv.SivMode#encrypt(javax.crypto.SecretKey, javax.crypto.SecretKey, byte[], byte[]...) encrypt} or
- * {@link org.cryptomator.siv.SivMode#decrypt(javax.crypto.SecretKey, javax.crypto.SecretKey, byte[], byte[]...) decrypt} data.
+ * {@link org.cryptomator.siv.SivMode#encrypt(byte[], byte[]...) encrypt} or
+ * {@link org.cryptomator.siv.SivMode#decrypt(byte[], byte[]...) decrypt} data.
  */
 package org.cryptomator.siv;

src/main/java/org/cryptomator/siv/SivMode.java

@@ -50,6 +50,13 @@ public int getTestCaseNumber() {
 		return testCaseNumber;
 	}
 
+	public byte[] getKey() {
+		byte[] key = new byte[macKey.length + ctrKey.length];
+		System.arraycopy(macKey, 0, key, 0, macKey.length);
+		System.arraycopy(ctrKey, 0, key, macKey.length, ctrKey.length);
+		return key;
+	}
+
 	public byte[] getCtrKey() {
 		return Arrays.copyOf(ctrKey, ctrKey.length);
 	}

src/main/java/org/cryptomator/siv/ThreadLocals.java

@@ -28,26 +28,25 @@
 public class SivModeBenchmark {
 
 	private int run;
-	private final byte[] encKey = new byte[16];
-	private final byte[] macKey = new byte[16];
+	private final byte[] key = new byte[32];
 	private final byte[] cleartextData = new byte[1000];
 	private final byte[] associatedData = new byte[100];
 
-	private final SivMode jceSivMode = new SivMode();
+	private SivMode siv;
 
 	@Setup(Level.Trial)
 	public void shuffleData() {
 		run++;
-		Arrays.fill(encKey, (byte) (run & 0xFF));
-		Arrays.fill(macKey, (byte) (run & 0xFF));
+		Arrays.fill(key, (byte) (run & 0xFF));
+		siv = new SivMode(key);
 		Arrays.fill(cleartextData, (byte) (run & 0xFF));
 		Arrays.fill(associatedData, (byte) (run & 0xFF));
 	}
 
 	@Benchmark
 	public void benchmarkJce(Blackhole bh) throws UnauthenticCiphertextException, IllegalBlockSizeException {
-		byte[] encrypted = jceSivMode.encrypt(encKey, macKey, cleartextData, associatedData);
-		byte[] decrypted = jceSivMode.decrypt(encKey, macKey, encrypted, associatedData);
+		byte[] encrypted = siv.encrypt(cleartextData, associatedData);
+		byte[] decrypted = siv.decrypt(encrypted, associatedData);
 		Assertions.assertArrayEquals(cleartextData, decrypted);
 		bh.consume(encrypted);
 		bh.consume(decrypted);