Merge branch 'release/1.3.2'

.travis.yml

@@ -1,11 +1,12 @@
+dist: bionic
 language: java
 sudo: false
 jdk:
-- oraclejdk9
+- openjdk13
 env:
   global:
   - secure: "dYjMF9qjmv85TdhSauKTfU+5Lt7q1ZpOLfpYuRz1yQF3Y+Ru/5/2Ucb4efgzLNRE4u9KGM7MJr1YRH3qV5OyxBqfKZ9ORq5noQbukfKyDDjS7oRn1HiHWG5ZWs2Ja35z0a5BK8+h5OF8kA1C5dmQ/tePKP5JAZZlhwnBolkwUXTJXAvppSBpl2/m/0KBJoHMJYxiY4DJ8grf3OWWhsWO9YMeJAov+N4GFJy9J85tbKvb4XgJITBPrSmK981JS67sddjelaodaolF5vewoW7KfxG87SMRr6xOno0Qy1td2aiUXMt10w2eI2FTluC9Fp0UJ7z3rMEGcHGFjaPXk+bLOAwGwoJq3xt3mA91Y7N1aQuOnWL01K94c7rw9yUU+HUfrUz1iPVEFD36FkwZNFYXHPL8JMuSL6bIafaiu5Nd95QZP7vET3It07zBc/KcV2izdk9aXOOPumKmw/VpzunWfYF2we53uuN1tvzBJ5yxuHjsoteTkbdoYpIinAHI3QfREwwRX19Q4jjJU9GTT12n/7GQopXzuytK6M6xlltVVD/KffmdyiqqWA1u391t2HcgmX6TyvHS4jNy9hbJ+/zfqwZG+NQFSPz99LAiGpLYmctY3A5oofM16x07Tofk/HvbCMCjuMsk0zLgd1m915TFJ5ZUQ510ohrM5IBSdUJ6NUc=" # CODACY_PROJECT_TOKEN
-  - secure: "PQ/K3HeqG52aDOel6ROp8vJo1ybfnwjdYKewKssWQwsb38BIPe68RKgJ06mOeyacrf+i1BkJgKspTcwLeMqfRNP+mxAg3WBccG6dwZy3LdeaRBrcGQhiBLgK8RthIFxOPoY4pm2iiUQdcakWXHIqz62asV8Hx9Yk8qyyIch+kj4uEE2bgyJGKb3MM56kPmjOSZIuD+hR3V/RqBBgpKrDsfkEGH5kZSfLlt9oy5tsJsAzlY4cYFq3RBy4KZQUifRXh6i7MHWOSt48E1Qt7hwik0pSchS7AqMAvu3tCstc+hUGavpq/XXqlqH8kWjplpVJQsQ5YUcacDWFxuFpfPTBbFJKITEQrEoXlSNOXMTIzaBdn8CZtCoeIonHMXkAaOncVmEIjFQbOl0XzDNz6GXmUYCoUcWeBhq4rBcFqq844VIUaRbmD+eQR7zDx2B5WcKGt/h273iK7rCBQB3dEOhhab2rliES8FmUKj1U/k50Ae7oVrlnPm6fJH7tCsEKEEgPrvlLEzOtFpqrOeQZ91B+wkopw4d+z+24OBgVpk4Plv6G+CBHU61ixwOJ9MJFEPeZ/2gNWmZkGItS6L0eMqK+SvMYzZETrreceLFWRSzmpRKbWilmauBLKzFNnf9+Emu+XD0boC/oQGwyYGi4Cm1HmSAInGXfvwaDh7d5RHAbh0A=" # BINTRAY_API_KEY
+  - secure: "SM5wxw+mBvG65MS1B31rJ30oSCwU8OX4diIFAtx1gxBissZv9mVfkzL8mNeMMy0fKQB4aAfq2d/PBeSoNwYPqC6NEpv0n/aoBk35oZMEJpeOdBQ1/6tHhQmHty9Cg4cf2pWQdYCMUn1iJ09ONcodUpnIQouHNHyUjzWCeXnYdJOA5KR/CdRdhFFzghAC2Zm4Zqhba5Ie2JjBabyivLZgv5jM3+Sp4JPbZQI7OjZHUgxCVfh6YLBPRXsfMjeR/F4PWyF5ojo7UGY61qPS5YUj7YTiSI5LHWelcWC8wQNKhqT2h4SoD7J2+ZCS04MYgqgZx8ZtO/LZBBLdsQi4LBTsrK+3zAI4QmsgI+6z6kC9kdS5N04BdnLNEuDw8COGt+3Y5w+IYKTdtbBTx/p9+cY/0cFcGA8B6jGYQuClPQhshqr9pTrfIf6stD515qHTx4KsU6DDNpsSoKRS8C36tdrDTKcbZzvg7uEWnTwrKi+ZHJKFTiJb9Ozaiganttot/Zlub7LXBsArgTLT1Aw0EzyX+wnWcVM/QYNSMj+TUlnWg+mPdZemjyBkvoyw9UhNpvtdK/AdGUpu1oS146Q53PwXb4ROd3n57116ZJbUwhYfThFseQctj3gunCjDJId0uSwkyeowrolDRsCgPfZ1YQYGLQi1PEpesfTvm4PVYUfx9Jc=" # BINTRAY_API_KEY
 install:
 - curl -o $HOME/.m2/settings.xml https://gist.githubusercontent.com/cryptobot/cf5fbd909c4782aaeeeb7c7f4a1a43da/raw/e60ee486e34ee0c79f89f947abe2c83b4290c6bb/settings.xml
 - mvn dependency:go-offline -Pdependency-check,coverage,release
@@ -14,7 +15,7 @@ before_script:
 script:
 - mvn clean test jacoco:report verify -Pcoverage
 after_success:
-- curl -o ~/codacy-coverage-reporter.jar https://oss.sonatype.org/service/local/repositories/releases/content/com/codacy/codacy-coverage-reporter/4.0.2/codacy-coverage-reporter-4.0.2-assembly.jar
+- curl -o ~/codacy-coverage-reporter.jar https://oss.sonatype.org/service/local/repositories/releases/content/com/codacy/codacy-coverage-reporter/7.0.0/codacy-coverage-reporter-7.0.0-assembly.jar
 - $JAVA_HOME/bin/java -jar ~/codacy-coverage-reporter.jar report -l Java -r target/site/jacoco/jacoco.xml
 cache:
   directories:
@@ -27,4 +28,4 @@ deploy:
     repo: cryptomator/siv-mode
     tags: true
 after_deploy:
-  - "echo '{\"close\": \"1\"}' | curl -v -X POST -u cryptobot:${BINTRAY_API_KEY} https://api.bintray.com/maven_central_sync/cryptomator/maven/siv-mode/versions/${TRAVIS_TAG}"
+  - "echo '{\"close\": \"1\"}' | curl --max-time 10 -X POST -u cryptobot:${BINTRAY_API_KEY} https://api.bintray.com/maven_central_sync/cryptomator/maven/siv-mode/versions/${TRAVIS_TAG}"

README.md

@@ -62,6 +62,12 @@ requires org.cryptomator.siv;
 
 Because BouncyCastle classes are shaded, this library only depends on `java.base`.
 
+## Building
+
+This is a Maven project. To build it, run `mvn clean install`.
+
+Requires JDK 9+ at build time due to JPMS support.
+
 ## License
 Distributed under the MIT X Consortium license. See the LICENSE file for more info.
 

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>siv-mode</artifactId>
-	<version>1.3.1</version>
+	<version>1.3.2</version>
 
 	<name>SIV Mode</name>
 	<description>RFC 5297 SIV mode: deterministic authenticated encryption</description>
@@ -41,71 +41,119 @@
 		<dependency>
 			<groupId>org.bouncycastle</groupId>
 			<artifactId>bcprov-jdk15on</artifactId>
-			<version>1.60</version>
+			<version>1.64</version>
 			<!-- see maven-shade-plugin; we don't want this as a transitive dependency in other projects -->
 			<optional>true</optional>
 		</dependency>
 
 		<!-- Tests -->
 		<dependency>
-			<groupId>junit</groupId>
-			<artifactId>junit</artifactId>
-			<version>4.12</version>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter</artifactId>
+			<version>5.6.0</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.mockito</groupId>
 			<artifactId>mockito-core</artifactId>
-			<version>2.16.0</version>
+			<version>3.2.4</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest</artifactId>
+			<version>2.2</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>com.google.guava</groupId>
 			<artifactId>guava</artifactId>
-			<version>24.0-jre</version>
+			<version>28.2-jre</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.openjdk.jmh</groupId>
 			<artifactId>jmh-core</artifactId>
-			<version>1.20</version>
+			<version>1.23</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.openjdk.jmh</groupId>
 			<artifactId>jmh-generator-annprocess</artifactId>
-			<version>1.20</version>
+			<version>1.23</version>
 			<scope>test</scope>
 		</dependency>
 	</dependencies>
 
 	<build>
 		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-enforcer-plugin</artifactId>
+				<version>3.0.0-M3</version>
+				<executions>
+					<execution>
+						<id>enforce-java</id>
+						<goals>
+							<goal>enforce</goal>
+						</goals>
+						<configuration>
+							<rules>
+								<requireJavaVersion>
+									<message>You need at least JDK 11.0.3 to build this project.</message>
+									<version>[11.0.3,)</version>
+								</requireJavaVersion>
+							</rules>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
 			<plugin>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.7.0</version>
+				<version>3.8.1</version>
 				<configuration>
-					<source>1.7</source>
-					<target>1.7</target>
 					<release>7</release>
+					<testRelease>8</testRelease>
 					<encoding>UTF-8</encoding>
 					<showWarnings>true</showWarnings>
 				</configuration>
+				<executions>
+					<execution>
+						<id>java9</id>
+						<phase>compile</phase>
+						<goals>
+							<goal>compile</goal>
+						</goals>
+						<configuration>
+							<release>9</release>
+							<compileSourceRoots>
+								<compileSourceRoot>${project.basedir}/src/main/java9</compileSourceRoot>
+							</compileSourceRoots>
+							<multiReleaseOutput>true</multiReleaseOutput>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<version>3.0.0-M4</version>
 			</plugin>
 			<plugin>
 				<artifactId>maven-jar-plugin</artifactId>
-				<version>3.0.2</version>
+				<version>3.2.0</version>
 				<configuration>
 					<archive>
 						<manifestEntries>
+							<Multi-Release>true</Multi-Release>
 							<Sealed>true</Sealed>
 						</manifestEntries>
 					</archive>
 				</configuration>
 			</plugin>
 			<plugin>
 				<artifactId>maven-shade-plugin</artifactId>
-				<version>3.1.0</version>
+				<version>3.2.2</version>
 				<executions>
 					<execution>
 						<phase>package</phase>
@@ -132,51 +180,55 @@
 								<filter>
 									<artifact>*:*</artifact>
 									<excludes>
+										<exclude>META-INF/MANIFEST.MF</exclude>
 										<exclude>META-INF/*.SF</exclude>
 										<exclude>META-INF/*.DSA</exclude>
 										<exclude>META-INF/*.RSA</exclude>
+										<exclude>META-INF/services/**</exclude>
 									</excludes>
 								</filter>
 							</filters>
 						</configuration>
 					</execution>
 				</executions>
 			</plugin>
-			<plugin>
-				<groupId>org.moditect</groupId>
-					<artifactId>moditect-maven-plugin</artifactId>
-				<version>1.0.0.Beta1</version>
-				<executions>
-					<execution>
-						<id>add-module-infos</id>
-						<phase>package</phase>
-						<goals>
-							<goal>add-module-info</goal>
-						</goals>
-						<configuration>
-							<module>
-								<moduleInfoSource>
-									module org.cryptomator.siv {
-										exports org.cryptomator.siv;
-									}
-								</moduleInfoSource>
-							</module>
-						</configuration>
-					</execution>
-				</executions>
-			</plugin>
 		</plugins>
 	</build>
 
 	<profiles>
+		<profile>
+			<id>intellij</id>
+			<!-- workaround for intellij bug: https://youtrack.jetbrains.com/issue/IDEA-85478 -->
+			<activation>
+				<activeByDefault>false</activeByDefault>
+				<property>
+					<name>idea.maven.embedder.version</name>
+				</property>
+			</activation>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.apache.maven.plugins</groupId>
+						<artifactId>maven-compiler-plugin</artifactId>
+						<version>3.8.1</version>
+						<configuration>
+							<release>8</release>
+							<source>1.8</source>
+							<target>1.8</target>
+						</configuration>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
 		<profile>
 			<id>dependency-check</id>
 			<build>
 				<plugins>
 					<plugin>
 						<groupId>org.owasp</groupId>
 						<artifactId>dependency-check-maven</artifactId>
-						<version>3.1.1</version>
+						<version>5.3.0</version>
 						<configuration>
 							<cveValidForHours>24</cveValidForHours>
 							<failBuildOnCVSS>0</failBuildOnCVSS>
@@ -200,7 +252,7 @@
 					<plugin>
 						<groupId>org.jacoco</groupId>
 						<artifactId>jacoco-maven-plugin</artifactId>
-						<version>0.8.0</version>
+						<version>0.8.5</version>
 						<executions>
 							<execution>
 								<id>prepare-agent</id>
@@ -226,7 +278,7 @@
 				<plugins>
 					<plugin>
 						<artifactId>maven-source-plugin</artifactId>
-						<version>3.0.1</version>
+						<version>3.2.1</version>
 						<executions>
 							<execution>
 								<id>attach-sources</id>
@@ -238,7 +290,7 @@
 					</plugin>
 					<plugin>
 						<artifactId>maven-javadoc-plugin</artifactId>
-						<version>3.0.0</version>
+						<version>3.1.1</version>
 						<executions>
 							<execution>
 								<id>attach-javadocs</id>

src/main/java/org/cryptomator/siv/JceAesBlockCipher.java

@@ -3,14 +3,15 @@
  * Copyright (c) 2016 Sebastian Stenzel
  * This file is licensed under the terms of the MIT license.
  * See the LICENSE.txt file for more info.
- * 
+ *
  * Contributors:
  *     Sebastian Stenzel - initial API and implementation
  ******************************************************************************/
 
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
 
 import javax.crypto.Cipher;
 import javax.crypto.NoSuchPaddingException;
@@ -24,12 +25,12 @@
 
 /**
  * Adapter class between BouncyCastle's {@link BlockCipher} and JCE's {@link Cipher} API.
- * 
+ *
  * <p>
  * As per contract of {@link BlockCipher#processBlock(byte[], int, byte[], int)}, this class is designed to encrypt or decrypt just <b>one single block</b> at a time.
  * JCE doesn't allow us to retrieve the plain cipher without a mode, so we explicitly request {@value #SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME}.
  * This is by design, because we want the plain cipher for a single 128 bit block without any mode. We're not actually using ECB mode.
- * 
+ *
  * <p>
  * This is a package-private class only used to encrypt the 128 bit counter during SIV mode.
  */
@@ -43,9 +44,17 @@ final class JceAesBlockCipher implements BlockCipher {
 	private Key key;
 	private int opmode;
 
-	public JceAesBlockCipher() {
+	JceAesBlockCipher() {
+        this(null);
+    }
+
+	JceAesBlockCipher(Provider provider) {
 		try {
-			this.cipher = Cipher.getInstance(SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME); // defaults to SunJCE but allows to configure different providers
+			if(provider != null) {
+				this.cipher = Cipher.getInstance(SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME, provider);
+			} else {
+				this.cipher = Cipher.getInstance(SINGLE_BLOCK_PLAIN_AES_JCE_CIPHER_NAME); // defaults to SunJCE
+			}
 		} catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
 			throw new IllegalStateException("Every implementation of the Java platform is required to support AES/ECB/NoPadding.");
 		}

src/main/java/org/cryptomator/siv/SivMode.java

@@ -9,6 +9,7 @@
  ******************************************************************************/
 
 import java.nio.ByteBuffer;
+import java.security.Provider;
 import java.util.Arrays;
 
 import javax.crypto.IllegalBlockSizeException;
@@ -40,11 +41,24 @@ public final class SivMode {
 	 * @see #SivMode(BlockCipherFactory)
 	 */
 	public SivMode() {
+		this((Provider) null);
+	}
+
+	/**
+	 * Creates an AES-SIV instance using a custom JCE's security provider<br>
+	 *
+	 * For embedded systems, you might want to consider using {@link #SivMode(BlockCipherFactory)} with {@link AESLightEngine} instead.
+	 *
+	 * @param jceSecurityProvider to use to create the internal {@link javax.crypto.Cipher} instance
+	 *
+	 * @see #SivMode(BlockCipherFactory)
+	 */
+	public SivMode(final Provider jceSecurityProvider) {
 		this(new BlockCipherFactory() {
 
 			@Override
 			public BlockCipher create() {
-				return new JceAesBlockCipher();
+				return new JceAesBlockCipher(jceSecurityProvider);
 			}
 
 		});
@@ -75,7 +89,7 @@ protected BlockCipher initialValue() {
 	/**
 	 * Creates {@link BlockCipher}s.
 	 */
-	public static interface BlockCipherFactory {
+	public interface BlockCipherFactory {
 		BlockCipher create();
 	}
 

src/main/java/org/cryptomator/siv/package-info.java

@@ -0,0 +1,8 @@
+/**
+ * Java implementation of RFC 5297 SIV Authenticated Encryption.
+ * <p>
+ * Use an instance of the {@link org.cryptomator.siv.SivMode} class to
+ * {@link org.cryptomator.siv.SivMode#encrypt(javax.crypto.SecretKey, javax.crypto.SecretKey, byte[], byte[]...) encrypt} or
+ * {@link org.cryptomator.siv.SivMode#decrypt(javax.crypto.SecretKey, javax.crypto.SecretKey, byte[], byte[]...) decrypt} data.
+ */
+package org.cryptomator.siv;