Removed all uses of JCE so we can use full-strength crypto on all JVMs.

briar-api/src/net/sf/briar/api/crypto/AuthenticatedCipher.java

@@ -1,28 +1,20 @@
 package net.sf.briar.api.crypto;
 
-import java.security.InvalidKeyException;
-import java.security.Key;
+import java.security.GeneralSecurityException;
 
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-
-/**
- * A wrapper for a provider-dependent cipher class, since javax.crypto.Cipher
- * doesn't support additional authenticated data until Java 7.
- */
+/** An authenticated cipher that support additional authenticated data. */
 public interface AuthenticatedCipher {
 
 	/**
 	 * Initializes this cipher with a key, an initialisation vector (IV) and
 	 * additional authenticated data (AAD).
 	 */
-	void init(int opmode, Key key, byte[] iv, byte[] aad)
-			throws InvalidKeyException;
+	void init(int opmode, SecretKey key, byte[] iv, byte[] aad)
+			throws GeneralSecurityException;
 
 	/** Encrypts or decrypts data in a single-part operation. */
 	int doFinal(byte[] input, int inputOff, int len, byte[] output,
-			int outputOff) throws IllegalBlockSizeException,
-			BadPaddingException;
+			int outputOff) throws GeneralSecurityException;
 
 	/** Returns the length of the message authenticated code (MAC) in bytes. */
 	int getMacLength();

briar-api/src/net/sf/briar/api/crypto/CryptoComponent.java

@@ -1,13 +1,11 @@
 package net.sf.briar.api.crypto;
 
 import java.security.GeneralSecurityException;
-import java.security.KeyPair;
 import java.security.SecureRandom;
-import java.security.Signature;
 
 public interface CryptoComponent {
 
-	ErasableKey generateSecretKey();
+	SecretKey generateSecretKey();
 
 	MessageDigest getMessageDigest();
 
@@ -67,7 +65,7 @@ public interface CryptoComponent {
 	 * @param alice indicates whether the key is for connections initiated by
 	 * Alice or Bob.
 	 */
-	ErasableKey deriveTagKey(byte[] secret, boolean alice);
+	SecretKey deriveTagKey(byte[] secret, boolean alice);
 
 	/**
 	 * Derives a frame key from the given temporary secret and connection
@@ -77,14 +75,14 @@ public interface CryptoComponent {
 	 * @param initiator indicates whether the key is for the initiator's or the
 	 * responder's side of the connection.
 	 */
-	ErasableKey deriveFrameKey(byte[] secret, long connection, boolean alice,
+	SecretKey deriveFrameKey(byte[] secret, long connection, boolean alice,
 			boolean initiator);
 
 	/** Returns a cipher for encrypting and authenticating connections. */
 	AuthenticatedCipher getFrameCipher();
 
 	/** Encodes the pseudo-random tag that is used to recognise a connection. */
-	void encodeTag(byte[] tag, ErasableKey tagKey, long connection);
+	void encodeTag(byte[] tag, SecretKey tagKey, long connection);
 
 	/**
 	 * Encrypts and authenticates the given plaintext so it can be written to

briar-api/src/net/sf/briar/api/crypto/ErasableKey.java

@@ -1,12 +0,0 @@
-package net.sf.briar.api.crypto;
-
-import javax.crypto.SecretKey;
-
-public interface ErasableKey extends SecretKey {
-
-	/** Returns a copy of the key. */
-	ErasableKey copy();
-
-	/** Erases the key from memory. */
-	void erase();
-}

briar-api/src/net/sf/briar/api/crypto/KeyPair.java

@@ -0,0 +1,21 @@
+package net.sf.briar.api.crypto;
+
+/** A key pair consisting of a {@link PublicKey} and a {@link PrivateKey). */
+public class KeyPair {
+
+	private final PublicKey publicKey;
+	private final PrivateKey privateKey;
+
+	public KeyPair(PublicKey publicKey, PrivateKey privateKey) {
+		this.publicKey = publicKey;
+		this.privateKey = privateKey;
+	}
+
+	public PublicKey getPublic() {
+		return publicKey;
+	}
+
+	public PrivateKey getPrivate() {
+		return privateKey;
+	}
+}

briar-api/src/net/sf/briar/api/crypto/KeyParser.java

@@ -1,13 +1,11 @@
 package net.sf.briar.api.crypto;
 
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.spec.InvalidKeySpecException;
+import java.security.GeneralSecurityException;
 
 public interface KeyParser {
 
-	PublicKey parsePublicKey(byte[] encodedKey) throws InvalidKeySpecException;
+	PublicKey parsePublicKey(byte[] encodedKey) throws GeneralSecurityException;
 
 	PrivateKey parsePrivateKey(byte[] encodedKey)
-			throws InvalidKeySpecException;
+			throws GeneralSecurityException;
 }

briar-api/src/net/sf/briar/api/crypto/MessageDigest.java

@@ -1,9 +1,5 @@
 package net.sf.briar.api.crypto;
 
-/**
- * A wrapper around a {@link java.security.MessageDigest} that allows it to be
- * replaced for testing.
- */
 public interface MessageDigest {
 
 	/** @see {@link java.security.MessageDigest#digest()} */

briar-api/src/net/sf/briar/api/crypto/PrivateKey.java

@@ -0,0 +1,8 @@
+package net.sf.briar.api.crypto;
+
+/** The private half of a public/private {@link KeyPair}. */
+public interface PrivateKey {
+
+	/** Returns the encoded representation of this key. */
+	byte[] getEncoded();
+}

briar-api/src/net/sf/briar/api/crypto/PublicKey.java

@@ -0,0 +1,8 @@
+package net.sf.briar.api.crypto;
+
+/** The public half of a public/private {@link KeyPair}. */
+public interface PublicKey {
+
+	/** Returns the encoded representation of this key. */
+	byte[] getEncoded();
+}

briar-api/src/net/sf/briar/api/crypto/SecretKey.java

@@ -0,0 +1,21 @@
+package net.sf.briar.api.crypto;
+
+/** A secret key used for encryption and/or authentication. */
+public interface SecretKey {
+
+	/** Returns the encoded representation of this key. */
+	byte[] getEncoded();
+
+	/**
+	 * Returns a copy of this key - erasing this key will erase the copy and
+	 * vice versa.
+	 */
+	SecretKey copy();
+
+	/**
+	 * Erases this key from memory. Any copies derived from this key via the
+	 * {@link #copy()} method, and any keys from which this key was derived via
+	 * the {@link #copy()} method, are also erased.
+	 */
+	void erase();
+}

briar-api/src/net/sf/briar/api/crypto/Signature.java

@@ -0,0 +1,31 @@
+package net.sf.briar.api.crypto;
+
+import java.security.GeneralSecurityException;
+
+public interface Signature {
+
+	/**
+	 * @see {@link java.security.Signature#initSign(java.security.PrivateKey)}
+	 */
+	void initSign(PrivateKey k) throws GeneralSecurityException;
+
+	/**
+	 * @see {@link java.security.Signature#initVafiry(java.security.PublicKey)}
+	 */
+	void initVerify(PublicKey k) throws GeneralSecurityException;
+
+	/** @see {@link java.security.Signature#update(byte)} */
+	void update(byte b);
+
+	/** @see {@link java.security.Signature#update(byte[])} */
+	void update(byte[] b);
+
+	/** @see {@link java.security.Signature#update(byte[], int, int)} */
+	void update(byte[] b, int off, int len);
+
+	/** @see {@link java.security.Signature#sign()} */
+	byte[] sign();
+
+	/** @see {@link java.security.Signature#verify(byte[])} */
+	boolean verify(byte[] signature);
+}

briar-api/src/net/sf/briar/api/messaging/MessageFactory.java

@@ -2,9 +2,9 @@ package net.sf.briar.api.messaging;
 
 import java.io.IOException;
 import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
 
 import net.sf.briar.api.Author;
+import net.sf.briar.api.crypto.PrivateKey;
 
 public interface MessageFactory {
 

briar-api/src/net/sf/briar/api/serial/SigningConsumer.java

@@ -1,8 +1,6 @@
 package net.sf.briar.api.serial;
 
-import java.io.IOException;
-import java.security.Signature;
-import java.security.SignatureException;
+import net.sf.briar.api.crypto.Signature;
 
 /** A consumer that passes its input through a signature. */
 public class SigningConsumer implements Consumer {
@@ -13,19 +11,11 @@ public class SigningConsumer implements Consumer {
 		this.signature = signature;
 	}
 
-	public void write(byte b) throws IOException {
-		try {
-			signature.update(b);
-		} catch(SignatureException e) {
-			throw new IOException(e.toString());
-		}
+	public void write(byte b) {
+		signature.update(b);
 	}
 
-	public void write(byte[] b, int off, int len) throws IOException {
-		try {
-			signature.update(b, off, len);
-		} catch(SignatureException e) {
-			throw new IOException(e.toString());
-		}
+	public void write(byte[] b, int off, int len) {
+		signature.update(b, off, len);
 	}
 }