whyoleg
diff --git a/‎cryptography-core/api/cryptography-core.api
Lines changed: 31 additions & 2 deletions b/‎cryptography-core/api/cryptography-core.api
Lines changed: 31 additions & 2 deletions
diff --git a/‎cryptography-core/api/cryptography-core.klib.api
Lines changed: 17 additions & 1 deletion b/‎cryptography-core/api/cryptography-core.klib.api
Lines changed: 17 additions & 1 deletion
diff --git a/‎cryptography-core/src/commonMain/kotlin/algorithms/AES.kt
Lines changed: 38 additions & 1 deletion b/‎cryptography-core/src/commonMain/kotlin/algorithms/AES.kt
Lines changed: 38 additions & 1 deletion
diff --git a/‎cryptography-providers-tests/src/commonMain/kotlin/compatibility/AesCbcCompatibilityTest.kt
Lines changed: 1 addition & 3 deletions b/‎cryptography-providers-tests/src/commonMain/kotlin/compatibility/AesCbcCompatibilityTest.kt
Lines changed: 1 addition & 3 deletions
diff --git a/‎cryptography-providers-tests/src/commonMain/kotlin/compatibility/AesGcmCompatibilityTest.kt
Lines changed: 62 additions & 17 deletions b/‎cryptography-providers-tests/src/commonMain/kotlin/compatibility/AesGcmCompatibilityTest.kt
Lines changed: 62 additions & 17 deletions
@@ -129,8 +129,37 @@ public final class dev/whyoleg/cryptography/algorithms/AES$GCM$Companion : dev/w
 }
 
 public abstract interface class dev/whyoleg/cryptography/algorithms/AES$GCM$Key : dev/whyoleg/cryptography/algorithms/AES$Key {
-	public abstract fun cipher-6q1zMKY (I)Ldev/whyoleg/cryptography/operations/AuthenticatedCipher;
-	public static synthetic fun cipher-6q1zMKY$default (Ldev/whyoleg/cryptography/algorithms/AES$GCM$Key;IILjava/lang/Object;)Ldev/whyoleg/cryptography/operations/AuthenticatedCipher;
+	public abstract fun cipher-6q1zMKY (I)Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedCipher;
+	public static synthetic fun cipher-6q1zMKY$default (Ldev/whyoleg/cryptography/algorithms/AES$GCM$Key;IILjava/lang/Object;)Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedCipher;
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedCipher : dev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor, dev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor {
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor : dev/whyoleg/cryptography/operations/AuthenticatedDecryptor {
+	public fun decrypt (Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public fun decrypt ([B[B[BLkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public static synthetic fun decrypt$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object;
+	public static synthetic fun decrypt$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor;[B[B[BLkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object;
+	public static synthetic fun decrypt$suspendImpl (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public static synthetic fun decrypt$suspendImpl (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor;[B[B[BLkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public fun decryptBlocking (Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;)Lkotlinx/io/bytestring/ByteString;
+	public abstract fun decryptBlocking ([B[B[B)[B
+	public static synthetic fun decryptBlocking$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;ILjava/lang/Object;)Lkotlinx/io/bytestring/ByteString;
+	public static synthetic fun decryptBlocking$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedDecryptor;[B[B[BILjava/lang/Object;)[B
+}
+
+public abstract interface class dev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor : dev/whyoleg/cryptography/operations/AuthenticatedEncryptor {
+	public fun encrypt (Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public fun encrypt ([B[B[BLkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public static synthetic fun encrypt$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object;
+	public static synthetic fun encrypt$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor;[B[B[BLkotlin/coroutines/Continuation;ILjava/lang/Object;)Ljava/lang/Object;
+	public static synthetic fun encrypt$suspendImpl (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public static synthetic fun encrypt$suspendImpl (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor;[B[B[BLkotlin/coroutines/Continuation;)Ljava/lang/Object;
+	public fun encryptBlocking (Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;)Lkotlinx/io/bytestring/ByteString;
+	public abstract fun encryptBlocking ([B[B[B)[B
+	public static synthetic fun encryptBlocking$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;Lkotlinx/io/bytestring/ByteString;ILjava/lang/Object;)Lkotlinx/io/bytestring/ByteString;
+	public static synthetic fun encryptBlocking$default (Ldev/whyoleg/cryptography/algorithms/AES$IvAuthenticatedEncryptor;[B[B[BILjava/lang/Object;)[B
 }
 
 public abstract interface class dev/whyoleg/cryptography/algorithms/AES$IvCipher : dev/whyoleg/cryptography/algorithms/AES$IvDecryptor, dev/whyoleg/cryptography/algorithms/AES$IvEncryptor {
 
@@ -57,12 +57,28 @@ abstract interface <#A: dev.whyoleg.cryptography.algorithms/AES.Key> dev.whyoleg
             open fun <get-id>(): dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.GCM> // dev.whyoleg.cryptography.algorithms/AES.GCM.id.<get-id>|<get-id>(){}[0]
 
         abstract interface Key : dev.whyoleg.cryptography.algorithms/AES.Key { // dev.whyoleg.cryptography.algorithms/AES.GCM.Key|null[0]
-            abstract fun cipher(dev.whyoleg.cryptography/BinarySize = ...): dev.whyoleg.cryptography.operations/AuthenticatedCipher // dev.whyoleg.cryptography.algorithms/AES.GCM.Key.cipher|cipher(dev.whyoleg.cryptography.BinarySize){}[0]
+            abstract fun cipher(dev.whyoleg.cryptography/BinarySize = ...): dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedCipher // dev.whyoleg.cryptography.algorithms/AES.GCM.Key.cipher|cipher(dev.whyoleg.cryptography.BinarySize){}[0]
         }
 
         final object Companion : dev.whyoleg.cryptography/CryptographyAlgorithmId<dev.whyoleg.cryptography.algorithms/AES.GCM> // dev.whyoleg.cryptography.algorithms/AES.GCM.Companion|null[0]
     }
 
+    abstract interface IvAuthenticatedCipher : dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedDecryptor, dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedEncryptor // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedCipher|null[0]
+
+    abstract interface IvAuthenticatedDecryptor : dev.whyoleg.cryptography.operations/AuthenticatedDecryptor { // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedDecryptor|null[0]
+        abstract fun decryptBlocking(kotlin/ByteArray, kotlin/ByteArray, kotlin/ByteArray? = ...): kotlin/ByteArray // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedDecryptor.decryptBlocking|decryptBlocking(kotlin.ByteArray;kotlin.ByteArray;kotlin.ByteArray?){}[0]
+        open fun decryptBlocking(kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString? = ...): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedDecryptor.decryptBlocking|decryptBlocking(kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString?){}[0]
+        open suspend fun decrypt(kotlin/ByteArray, kotlin/ByteArray, kotlin/ByteArray? = ...): kotlin/ByteArray // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedDecryptor.decrypt|decrypt(kotlin.ByteArray;kotlin.ByteArray;kotlin.ByteArray?){}[0]
+        open suspend fun decrypt(kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString? = ...): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedDecryptor.decrypt|decrypt(kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString?){}[0]
+    }
+
+    abstract interface IvAuthenticatedEncryptor : dev.whyoleg.cryptography.operations/AuthenticatedEncryptor { // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedEncryptor|null[0]
+        abstract fun encryptBlocking(kotlin/ByteArray, kotlin/ByteArray, kotlin/ByteArray? = ...): kotlin/ByteArray // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedEncryptor.encryptBlocking|encryptBlocking(kotlin.ByteArray;kotlin.ByteArray;kotlin.ByteArray?){}[0]
+        open fun encryptBlocking(kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString? = ...): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedEncryptor.encryptBlocking|encryptBlocking(kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString?){}[0]
+        open suspend fun encrypt(kotlin/ByteArray, kotlin/ByteArray, kotlin/ByteArray? = ...): kotlin/ByteArray // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedEncryptor.encrypt|encrypt(kotlin.ByteArray;kotlin.ByteArray;kotlin.ByteArray?){}[0]
+        open suspend fun encrypt(kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString, kotlinx.io.bytestring/ByteString? = ...): kotlinx.io.bytestring/ByteString // dev.whyoleg.cryptography.algorithms/AES.IvAuthenticatedEncryptor.encrypt|encrypt(kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString;kotlinx.io.bytestring.ByteString?){}[0]
+    }
+
     abstract interface IvCipher : dev.whyoleg.cryptography.algorithms/AES.IvDecryptor, dev.whyoleg.cryptography.algorithms/AES.IvEncryptor // dev.whyoleg.cryptography.algorithms/AES.IvCipher|null[0]
 
     abstract interface IvDecryptor : dev.whyoleg.cryptography.operations/Decryptor { // dev.whyoleg.cryptography.algorithms/AES.IvDecryptor|null[0]
 
@@ -79,7 +79,7 @@ public interface AES<K : AES.Key> : CryptographyAlgorithm {
 
         @SubclassOptInRequired(CryptographyProviderApi::class)
         public interface Key : AES.Key {
-            public fun cipher(tagSize: BinarySize = 128.bits): AuthenticatedCipher
+            public fun cipher(tagSize: BinarySize = 128.bits): IvAuthenticatedCipher
         }
     }
 
@@ -119,4 +119,41 @@ public interface AES<K : AES.Key> : CryptographyAlgorithm {
         public fun decryptBlocking(iv: ByteString, ciphertext: ByteString): ByteString =
             decryptBlocking(iv.asByteArray(), ciphertext.asByteArray()).asByteString()
     }
+
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface IvAuthenticatedCipher : IvAuthenticatedEncryptor, IvAuthenticatedDecryptor
+
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface IvAuthenticatedEncryptor : AuthenticatedEncryptor {
+        @DelicateCryptographyApi
+        public suspend fun encrypt(iv: ByteArray, plaintext: ByteArray, associatedData: ByteArray? = null): ByteArray = encryptBlocking(iv, plaintext, associatedData)
+
+        @DelicateCryptographyApi
+        public fun encryptBlocking(iv: ByteArray, plaintext: ByteArray, associatedData: ByteArray? = null): ByteArray
+
+        @DelicateCryptographyApi
+        public suspend fun encrypt(iv: ByteString, plaintext: ByteString, associatedData: ByteString? = null): ByteString =
+            encrypt(iv.asByteArray(), plaintext.asByteArray(), associatedData?.toByteArray()).asByteString()
+
+        @DelicateCryptographyApi
+        public fun encryptBlocking(iv: ByteString, plaintext: ByteString, associatedData: ByteString? = null): ByteString =
+            encryptBlocking(iv.asByteArray(), plaintext.asByteArray(), associatedData?.toByteArray()).asByteString()
+    }
+
+    @SubclassOptInRequired(CryptographyProviderApi::class)
+    public interface IvAuthenticatedDecryptor : AuthenticatedDecryptor {
+        @DelicateCryptographyApi
+        public suspend fun decrypt(iv: ByteArray, ciphertext: ByteArray, associatedData: ByteArray? = null): ByteArray = decryptBlocking(iv, ciphertext, associatedData)
+
+        @DelicateCryptographyApi
+        public fun decryptBlocking(iv: ByteArray, ciphertext: ByteArray, associatedData: ByteArray? = null): ByteArray
+
+        @DelicateCryptographyApi
+        public suspend fun decrypt(iv: ByteString, ciphertext: ByteString, associatedData: ByteString? = null): ByteString =
+            decrypt(iv.asByteArray(), ciphertext.asByteArray(), associatedData?.toByteArray()).asByteString()
+
+        @DelicateCryptographyApi
+        public fun decryptBlocking(iv: ByteString, ciphertext: ByteString, associatedData: ByteString? = null): ByteString =
+            decryptBlocking(iv.asByteArray(), ciphertext.asByteArray(), associatedData?.toByteArray()).asByteString()
+    }
 }
@@ -24,9 +24,7 @@ abstract class AesCbcCompatibilityTest(provider: CryptographyProvider) :
     private data class CipherParameters(
         val padding: Boolean,
         val iv: ByteStringAsString?,
-    ) : TestParameters {
-        override fun toString(): String = "CipherParameters(padding=${padding}, iv.size=${iv?.size})"
-    }
+    ) : TestParameters
 
     override suspend fun CompatibilityTestScope<AES.CBC>.generate(isStressTest: Boolean) {
         val cipherIterations = when {
 
@@ -20,7 +20,10 @@ abstract class AesGcmCompatibilityTest(provider: CryptographyProvider) :
     AesBasedCompatibilityTest<AES.GCM.Key, AES.GCM>(AES.GCM, provider) {
 
     @Serializable
-    private data class CipherParameters(val tagSizeBits: Int) : TestParameters
+    private data class CipherParameters(
+        val tagSizeBits: Int,
+        val iv: ByteStringAsString?,
+    ) : TestParameters
 
     override suspend fun CompatibilityTestScope<AES.GCM>.generate(isStressTest: Boolean) {
         val associatedDataIterations = when {
@@ -31,17 +34,28 @@ abstract class AesGcmCompatibilityTest(provider: CryptographyProvider) :
             isStressTest -> 10
             else         -> 5
         }
+        val ivIterations = when {
+            isStressTest -> 10
+            else         -> 5
+        }
 
+        val tagSizes = listOf(96, 128)
 
-        val tagSizes = listOf(96, 128).map { tagSizeBits ->
-            val id = api.ciphers.saveParameters(CipherParameters(tagSizeBits))
-            id to tagSizeBits.bits
+        val parametersList = buildList {
+            tagSizes.forEach { tagSize ->
+                // size of IV = 12
+                (List(ivIterations) { ByteString(CryptographyRandom.nextBytes(12)) } + listOf(null)).forEach { iv ->
+                    val parameters = CipherParameters(tagSize, iv)
+                    val id = api.ciphers.saveParameters(parameters)
+                    add(id to parameters)
+                }
+            }
         }
 
         generateKeys(isStressTest) { key, keyReference, _ ->
-            tagSizes.forEach { (cipherParametersId, tagSize) ->
-                logger.log { "tagSize = $tagSize" }
-                val cipher = key.cipher(tagSize)
+            parametersList.forEach { (cipherParametersId, parameters) ->
+                logger.log { "parameters = $parameters" }
+                val cipher = key.cipher(parameters.tagSizeBits.bits)
                 repeat(associatedDataIterations) { adIndex ->
                     val associatedDataSize = if (adIndex == 0) null else CryptographyRandom.nextInt(maxAssociatedDataSize)
                     logger.log { "associatedData.size = $associatedDataSize" }
@@ -50,10 +64,21 @@ abstract class AesGcmCompatibilityTest(provider: CryptographyProvider) :
                         val plaintextSize = CryptographyRandom.nextInt(maxPlaintextSize)
                         logger.log { "plaintext.size      = $plaintextSize" }
                         val plaintext = ByteString(CryptographyRandom.nextBytes(plaintextSize))
-                        val ciphertext = cipher.encrypt(plaintext, associatedData)
-                        logger.log { "ciphertext.size     = ${ciphertext.size}" }
 
-                        assertContentEquals(plaintext, cipher.decrypt(ciphertext, associatedData), "Initial Decrypt")
+                        val ciphertext = when (val iv = parameters.iv) {
+                            null -> {
+                                val ciphertext = cipher.encrypt(plaintext, associatedData)
+                                logger.log { "ciphertext.size = ${ciphertext.size}" }
+                                assertContentEquals(plaintext, cipher.decrypt(ciphertext, associatedData), "Initial Decrypt")
+                                ciphertext
+                            }
+                            else -> {
+                                val ciphertext = cipher.resetIv(context).encrypt(iv, plaintext, associatedData)
+                                logger.log { "ciphertext.size = ${ciphertext.size}" }
+                                assertContentEquals(plaintext, cipher.decrypt(iv, ciphertext, associatedData), "Initial Decrypt")
+                                ciphertext
+                            }
+                        }
 
                         api.ciphers.saveData(
                             cipherParametersId,
@@ -68,18 +93,38 @@ abstract class AesGcmCompatibilityTest(provider: CryptographyProvider) :
     override suspend fun CompatibilityTestScope<AES.GCM>.validate() {
         val keys = validateKeys()
 
-        api.ciphers.getParameters<CipherParameters> { (tagSize), parametersId, _ ->
+        api.ciphers.getParameters<CipherParameters> { (tagSize, iv), parametersId, _ ->
             api.ciphers.getData<AuthenticatedCipherData>(parametersId) { (keyReference, associatedData, plaintext, ciphertext), _, _ ->
                 keys[keyReference]?.forEach { key ->
                     val cipher = key.cipher(tagSize.bits)
-                    assertContentEquals(plaintext, cipher.decrypt(ciphertext, associatedData), "Decrypt")
-                    assertContentEquals(
-                        plaintext,
-                        cipher.decrypt(cipher.encrypt(plaintext, associatedData), associatedData),
-                        "Encrypt-Decrypt"
-                    )
+
+                    when (iv) {
+                        null -> {
+                            assertContentEquals(plaintext, cipher.decrypt(ciphertext, associatedData), "Decrypt")
+                            assertContentEquals(
+                                plaintext,
+                                cipher.decrypt(cipher.encrypt(plaintext, associatedData), associatedData),
+                                "Encrypt-Decrypt"
+                            )
+                        }
+                        else -> {
+                            assertContentEquals(plaintext, cipher.decrypt(iv, ciphertext, associatedData), "Decrypt")
+                            assertContentEquals(
+                                plaintext,
+                                cipher.decrypt(iv, cipher.resetIv(context).encrypt(iv, plaintext, associatedData), associatedData),
+                                "Encrypt-Decrypt"
+                            )
+                        }
+                    }
                 }
             }
         }
     }
 }
+
+// GCM mode on JDK has a check which tries to prevent reuse of the same IV with the same key.
+// we need to set random IV first to be able to reuse IV for different plaintext for the same key
+private suspend fun AES.IvAuthenticatedCipher.resetIv(context: TestContext): AES.IvAuthenticatedCipher {
+    if (context.provider.isJdk) encrypt(ByteString())
+    return this
+}