diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AEADBufferBaseEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AEADBufferBaseEngine.java index 1a42433a56..7199105f71 100644 --- a/core/src/main/java/org/bouncycastle/crypto/engines/AEADBufferBaseEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/AEADBufferBaseEngine.java @@ -35,12 +35,12 @@ protected enum State public void processAADByte(byte input) { checkAAD(); - m_aad[m_aadPos++] = input; - if (m_aadPos >= AADBufferSize) + if (m_aadPos == AADBufferSize) { processBufferAAD(m_aad, 0); m_aadPos = 0; } + m_aad[m_aadPos++] = input; } @Override @@ -74,7 +74,7 @@ public void processAADBytes(byte[] input, int inOff, int len) processBufferAAD(m_aad, 0); m_aadPos = 0; } - while (len >= AADBufferSize) + while (len > AADBufferSize) { processBufferAAD(input, inOff); inOff += AADBufferSize; @@ -92,12 +92,9 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out { throw new DataLengthException("input buffer too short"); } - int blockLen = len + m_bufPos - (forEncryption ? 0 : MAC_SIZE); - if (blockLen / BlockSize * BlockSize + outOff > output.length) - { - throw new OutputLengthException("output buffer is too short"); - } + boolean forEncryption = checkData(); + int resultLength = 0; if (forEncryption) @@ -105,7 +102,7 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out if (m_bufPos > 0) { int available = BlockSize - m_bufPos; - if (len < available) + if (len <= available) { System.arraycopy(input, inOff, m_buf, m_bufPos, len); m_bufPos += len; @@ -116,14 +113,14 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out inOff += available; len -= available; - processBuffer(m_buf, 0, output, outOff); + validateAndProcessBuffer(m_buf, 0, output, outOff); resultLength = BlockSize; //m_bufPos = 0; } - while (len >= BlockSize) + while (len > BlockSize) { - processBuffer(input, inOff, output, outOff + resultLength); + validateAndProcessBuffer(input, inOff, output, outOff + resultLength); inOff += BlockSize; len -= BlockSize; resultLength += BlockSize; @@ -132,16 +129,16 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out else { int available = BlockSize + MAC_SIZE - m_bufPos; - if (len < available) + if (len <= available) { System.arraycopy(input, inOff, m_buf, m_bufPos, len); m_bufPos += len; return 0; } - if (m_bufPos >= BlockSize) + if (m_bufPos > BlockSize) { - processBuffer(m_buf, 0, output, outOff); + validateAndProcessBuffer(m_buf, 0, output, outOff); m_bufPos -= BlockSize; System.arraycopy(m_buf, BlockSize, m_buf, 0, m_bufPos); resultLength = BlockSize; @@ -159,13 +156,13 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out System.arraycopy(input, inOff, m_buf, m_bufPos, available); inOff += available; len -= available; - processBuffer(m_buf, 0, output, outOff + resultLength); + validateAndProcessBuffer(m_buf, 0, output, outOff + resultLength); resultLength += BlockSize; //m_bufPos = 0; - while (len >= BlockSize + MAC_SIZE) + while (len > BlockSize + MAC_SIZE) { - processBuffer(input, inOff, output, outOff + resultLength); + validateAndProcessBuffer(input, inOff, output, outOff + resultLength); inOff += BlockSize; len -= BlockSize; resultLength += BlockSize; @@ -182,10 +179,6 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out public int doFinal(byte[] output, int outOff) throws IllegalStateException, InvalidCipherTextException { - if (!initialised) - { - throw new IllegalStateException("Need call init function before encryption/decryption"); - } boolean forEncryption = checkData(); int resultLength; if (forEncryption) @@ -362,6 +355,15 @@ protected void bufferReset() } } + protected void validateAndProcessBuffer(byte[] input, int inOff, byte[] output, int outOff) + { + if (outOff > output.length - BlockSize) + { + throw new OutputLengthException("output buffer too short"); + } + processBuffer(input, inOff, output, outOff); + } + protected abstract void processFinalBlock(byte[] output, int outOff); protected abstract void processBufferAAD(byte[] input, int inOff); diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java index 3444336d8c..52d2f841a3 100644 --- a/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java @@ -131,9 +131,17 @@ public void absorbMacBlock(byte[] input, int inOff) public void absorbFinalAADBlock() { - for (int i = 0; i < m_aadPos; ++i) + if (m_aadPos == AADBufferSize) { - x0 ^= (m_aad[i] & 0xFFL) << ((7 - i) << 3); + absorbMacBlock(m_aad, 0); + m_aadPos = 0; + } + else + { + for (int i = 0; i < m_aadPos; ++i) + { + x0 ^= (m_aad[i] & 0xFFL) << ((7 - i) << 3); + } } x0 ^= 0x80L << ((7 - m_aadPos) << 3); P12(); @@ -142,9 +150,17 @@ public void absorbFinalAADBlock() public void processMACFinal(byte[] input, int inOff, int len, byte[] tag) { - for (int i = 0; i < len; ++i) + if (len == BlockSize) { - x0 ^= (input[inOff++] & 0xFFL) << ((7 - i) << 3); + absorbMacBlock(input, inOff); + len = 0; + } + else + { + for (int i = 0; i < len; ++i) + { + x0 ^= (input[inOff++] & 0xFFL) << ((7 - i) << 3); + } } x0 ^= 0x80L << ((7 - len) << 3); P12(); @@ -190,12 +206,19 @@ public void processEncBlock(byte[] input, int inOff, byte[] output, int outOff) public void processEncFinalBlock(byte[] output, int outOff) { - /* Encrypt final m block */ - byte[] xo = Pack.longToLittleEndian(x0); - int mlen = m_bufPos; - while (mlen > 0) + if (m_bufPos == BlockSize) { - output[outOff + mlen - 1] = (byte)(xo[BlockSize - mlen] ^ m_buf[--mlen]); + processEncBlock(m_buf, 0, output, outOff); + } + else + { + /* Encrypt final m block */ + byte[] xo = Pack.longToLittleEndian(x0); + int mlen = m_bufPos; + while (mlen > 0) + { + output[outOff + mlen - 1] = (byte)(xo[BlockSize - mlen] ^ m_buf[--mlen]); + } } } @@ -384,9 +407,17 @@ public void absorbMacBlock(byte[] input, int inOff) public void absorbFinalAADBlock() { - for (int i = 0; i < m_aadPos; i++) + if (m_aadPos == AADBufferSize) + { + absorbMacBlock(m_aad, 0); + m_aadPos = 0; + } + else { - SX[i >> 1] ^= (m_aad[i] & 0xFF) << ((i & 1) << 3); + for (int i = 0; i < m_aadPos; i++) + { + SX[i >> 1] ^= (m_aad[i] & 0xFF) << ((i & 1) << 3); + } } SX[m_aadPos >> 1] ^= 0x80 << ((m_aadPos & 1) << 3); PermuteRoundsHX(SX, E, C); @@ -417,10 +448,18 @@ public void isap_rk(short[] iv16, byte[] y, int ylen, short[] out16, int outlen, public void processMACFinal(byte[] input, int inOff, int len, byte[] tag) { - // Absorb C final block - for (int i = 0; i < len; i++) + if (len == BlockSize) + { + absorbMacBlock(input, inOff); + len = 0; + } + else { - SX[i >> 1] ^= (input[inOff++] & 0xFF) << ((i & 1) << 3); + // Absorb C final block + for (int i = 0; i < len; i++) + { + SX[i >> 1] ^= (input[inOff++] & 0xFF) << ((i & 1) << 3); + } } SX[len >> 1] ^= 0x80 << ((len & 1) << 3); PermuteRoundsHX(SX, E, C); diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java index f1abb38b72..9d19f76823 100644 --- a/core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java @@ -146,7 +146,10 @@ protected void processFinalBlock(byte[] output, int outOff) { PHOTON_Permutation(); rhoohr(output, outOff, m_buf, 0, bufferLen); - state[bufferLen] ^= 0x01; // ozs + if(bufferLen < BlockSize) + { + state[bufferLen] ^= 0x01; // ozs + } } state[STATE_INBYTES - 1] ^= c1 << LAST_THREE_BITS_OFFSET; } diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java index bc9890056e..3557aac603 100644 --- a/core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java @@ -1,10 +1,6 @@ package org.bouncycastle.crypto.engines; -import org.bouncycastle.crypto.DataLengthException; -import org.bouncycastle.crypto.InvalidCipherTextException; -import org.bouncycastle.crypto.OutputLengthException; import org.bouncycastle.crypto.digests.SparkleDigest; -import org.bouncycastle.util.Arrays; import org.bouncycastle.util.Integers; import org.bouncycastle.util.Pack; @@ -14,7 +10,7 @@ * Specification: https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/sparkle-spec-final.pdf */ public class SparkleEngine - extends AEADBaseEngine + extends AEADBufferBaseEngine { public enum SparkleParameters { @@ -24,31 +20,14 @@ public enum SparkleParameters SCHWAEMM256_256 } - private enum State - { - Uninitialized, - EncInit, - EncAad, - EncData, - EncFinal, - DecInit, - DecAad, - DecData, - DecFinal, - } - - private static final int[] RCON = { 0xB7E15162, 0xBF715880, 0x38B4DA56, 0x324E7738, 0xBB1185EB, 0x4F7C7B57, - 0xCFBFA1C8, 0xC2B3293D }; + private static final int[] RCON = {0xB7E15162, 0xBF715880, 0x38B4DA56, 0x324E7738, 0xBB1185EB, 0x4F7C7B57, + 0xCFBFA1C8, 0xC2B3293D}; private final int[] state; private final int[] k; private final int[] npub; private boolean encrypted; - private State m_state = State.Uninitialized; - private final int m_bufferSizeDecrypt; - private final byte[] m_buf; - private int m_bufPos = 0; private final int SPARKLE_STEPS_SLIM; private final int SPARKLE_STEPS_BIG; @@ -131,9 +110,10 @@ public SparkleEngine(SparkleParameters sparkleParameters) state = new int[STATE_WORDS]; k = new int[KEY_WORDS]; npub = new int[RATE_WORDS]; - + AADBufferSize = BlockSize = IV_SIZE; m_bufferSizeDecrypt = IV_SIZE + MAC_SIZE; m_buf = new byte[m_bufferSizeDecrypt]; + m_aad = new byte[BlockSize]; // Relied on by processBytes method for decryption // assert RATE_BYTES >= TAG_BYTES; @@ -144,182 +124,15 @@ protected void init(byte[] key, byte[] iv) { Pack.littleEndianToInt(key, 0, k); Pack.littleEndianToInt(iv, 0, npub); - + initialised = true; m_state = forEncryption ? State.EncInit : State.DecInit; reset(); } - public void processAADByte(byte in) - { - checkAAD(); - - if (m_bufPos == IV_SIZE) - { - processBufferAAD(m_buf, 0); - m_bufPos = 0; - } - - m_buf[m_bufPos++] = in; - } - - public void processAADBytes(byte[] in, int inOff, int len) - { - if (inOff > in.length - len) - { - throw new DataLengthException("input buffer too short"); - } - - // Don't enter AAD state until we actually get input - if (len <= 0) - return; - - checkAAD(); - - if (m_bufPos > 0) - { - int available = IV_SIZE - m_bufPos; - if (len <= available) - { - System.arraycopy(in, inOff, m_buf, m_bufPos, len); - m_bufPos += len; - return; - } - - System.arraycopy(in, inOff, m_buf, m_bufPos, available); - inOff += available; - len -= available; - - processBufferAAD(m_buf, 0); - //m_bufPos = 0; - } - - while (len > IV_SIZE) - { - processBufferAAD(in, inOff); - inOff += IV_SIZE; - len -= IV_SIZE; - } - - System.arraycopy(in, inOff, m_buf, 0, len); - m_bufPos = len; - } - - public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) - throws DataLengthException - { - if (inOff > in.length - len) - { - throw new DataLengthException("input buffer too short"); - } - - boolean forEncryption = checkData(); - - int resultLength = 0; - - if (forEncryption) - { - if (m_bufPos > 0) - { - int available = IV_SIZE - m_bufPos; - if (len <= available) - { - System.arraycopy(in, inOff, m_buf, m_bufPos, len); - m_bufPos += len; - return 0; - } - - System.arraycopy(in, inOff, m_buf, m_bufPos, available); - inOff += available; - len -= available; - - processBufferEncrypt(m_buf, 0, out, outOff); - resultLength = IV_SIZE; - //m_bufPos = 0; - } - - while (len > IV_SIZE) - { - processBufferEncrypt(in, inOff, out, outOff + resultLength); - inOff += IV_SIZE; - len -= IV_SIZE; - resultLength += IV_SIZE; - } - } - else - { - int available = m_bufferSizeDecrypt - m_bufPos; - if (len <= available) - { - System.arraycopy(in, inOff, m_buf, m_bufPos, len); - m_bufPos += len; - return 0; - } - - if (m_bufPos > IV_SIZE) - { - processBufferDecrypt(m_buf, 0, out, outOff); - m_bufPos -= IV_SIZE; - System.arraycopy(m_buf, IV_SIZE, m_buf, 0, m_bufPos); - resultLength = IV_SIZE; - - available += IV_SIZE; - if (len <= available) - { - System.arraycopy(in, inOff, m_buf, m_bufPos, len); - m_bufPos += len; - return resultLength; - } - } - - available = IV_SIZE - m_bufPos; - System.arraycopy(in, inOff, m_buf, m_bufPos, available); - inOff += available; - len -= available; - processBufferDecrypt(m_buf, 0, out, outOff + resultLength); - resultLength += IV_SIZE; - //m_bufPos = 0; - - while (len > m_bufferSizeDecrypt) - { - processBufferDecrypt(in, inOff, out, outOff + resultLength); - inOff += IV_SIZE; - len -= IV_SIZE; - resultLength += IV_SIZE; - } - } - - System.arraycopy(in, inOff, m_buf, 0, len); - m_bufPos = len; - - return resultLength; - } - - public int doFinal(byte[] out, int outOff) - throws IllegalStateException, InvalidCipherTextException + @Override + protected void processFinalBlock(byte[] output, int outOff) { - boolean forEncryption = checkData(); - - int resultLength; - if (forEncryption) - { - resultLength = m_bufPos + MAC_SIZE; - } - else - { - if (m_bufPos < MAC_SIZE) - throw new InvalidCipherTextException("data too short"); - - m_bufPos -= MAC_SIZE; - - resultLength = m_bufPos; - } - - if (outOff > out.length - resultLength) - { - throw new OutputLengthException("output buffer too short"); - } - if (encrypted || m_bufPos > 0) { // Encryption of Last Block @@ -346,26 +159,26 @@ public int doFinal(byte[] out, int outOff) } for (int i = 0; i < RATE_WORDS / 2; ++i) { - int j = i + RATE_WORDS /2; + int j = i + RATE_WORDS / 2; int s_i = state[i]; int s_j = state[j]; if (forEncryption) { - state[i] = s_j ^ buffer[i] ^ state[RATE_WORDS + i]; + state[i] = s_j ^ buffer[i] ^ state[RATE_WORDS + i]; state[j] = s_i ^ s_j ^ buffer[j] ^ state[RATE_WORDS + (j & CAP_MASK)]; } else { state[i] = s_i ^ s_j ^ buffer[i] ^ state[RATE_WORDS + i]; - state[j] = s_i ^ buffer[j] ^ state[RATE_WORDS + (j & CAP_MASK)]; + state[j] = s_i ^ buffer[j] ^ state[RATE_WORDS + (j & CAP_MASK)]; } buffer[i] ^= s_i; buffer[j] ^= s_j; } for (int i = 0; i < m_bufPos; ++i) { - out[outOff++] = (byte)(buffer[i >>> 2] >>> ((i & 3) << 3)); + output[outOff++] = (byte)(buffer[i >>> 2] >>> ((i & 3) << 3)); } // execute SPARKLE with big number of steps sparkle_opt(state, SPARKLE_STEPS_BIG); @@ -377,129 +190,10 @@ public int doFinal(byte[] out, int outOff) } mac = new byte[MAC_SIZE]; Pack.intToLittleEndian(state, RATE_WORDS, TAG_WORDS, mac, 0); - if (forEncryption) - { - System.arraycopy(mac, 0, out, outOff, MAC_SIZE); - } - else - { - if (!Arrays.constantTimeAreEqual(MAC_SIZE, mac, 0, m_buf, m_bufPos)) - { - throw new InvalidCipherTextException(algorithmName + " mac does not match"); - } - } - reset(!forEncryption); - return resultLength; - } - - public int getUpdateOutputSize(int len) - { - // The -1 is to account for the lazy processing of a full buffer - int total = Math.max(0, len) - 1; - - switch (m_state) - { - case DecInit: - case DecAad: - total = Math.max(0, total - MAC_SIZE); - break; - case DecData: - case DecFinal: - total = Math.max(0, total + m_bufPos - MAC_SIZE); - break; - case EncData: - case EncFinal: - total = Math.max(0, total + m_bufPos); - break; - default: - break; - } - return total - total % IV_SIZE; - } - - public int getOutputSize(int len) - { - int total = Math.max(0, len); - - switch (m_state) - { - case DecInit: - case DecAad: - return Math.max(0, total - MAC_SIZE); - case DecData: - case DecFinal: - return Math.max(0, total + m_bufPos - MAC_SIZE); - case EncData: - case EncFinal: - return total + m_bufPos + MAC_SIZE; - default: - return total + MAC_SIZE; - } - } - - private void checkAAD() - { - switch (m_state) - { - case DecInit: - m_state = State.DecAad; - break; - case EncInit: - m_state = State.EncAad; - break; - case DecAad: - case EncAad: - break; - case EncFinal: - throw new IllegalStateException(getAlgorithmName() + " cannot be reused for encryption"); - default: - throw new IllegalStateException(getAlgorithmName() + " needs to be initialized"); - } - } - - private boolean checkData() - { - switch (m_state) - { - case DecInit: - case DecAad: - finishAAD(State.DecData); - return false; - case EncInit: - case EncAad: - finishAAD(State.EncData); - return true; - case DecData: - return false; - case EncData: - return true; - case EncFinal: - throw new IllegalStateException(getAlgorithmName() + " cannot be reused for encryption"); - default: - throw new IllegalStateException(getAlgorithmName() + " needs to be initialized"); - } - } - - private void finishAAD(State nextState) - { - // State indicates whether we ever received AAD - switch (m_state) - { - case DecAad: - case EncAad: - { - processFinalAAD(); - break; - } - default: - break; - } - m_bufPos = 0; - m_state = nextState; } - private void processBufferAAD(byte[] buffer, int bufOff) + protected void processBufferAAD(byte[] buffer, int bufOff) { for (int i = 0; i < RATE_WORDS / 2; ++i) { @@ -511,7 +205,7 @@ private void processBufferAAD(byte[] buffer, int bufOff) int d_i = Pack.littleEndianToInt(buffer, bufOff + (i * 4)); int d_j = Pack.littleEndianToInt(buffer, bufOff + (j * 4)); - state[i] = s_j ^ d_i ^ state[RATE_WORDS + i]; + state[i] = s_j ^ d_i ^ state[RATE_WORDS + i]; state[j] = s_i ^ s_j ^ d_j ^ state[RATE_WORDS + (j & CAP_MASK)]; } @@ -522,11 +216,6 @@ private void processBufferDecrypt(byte[] buffer, int bufOff, byte[] output, int { // assert bufOff <= buffer.length - RATE_BYTES; - if (outOff > output.length - IV_SIZE) - { - throw new OutputLengthException("output buffer too short"); - } - for (int i = 0; i < RATE_WORDS / 2; ++i) { int j = i + (RATE_WORDS / 2); @@ -538,7 +227,7 @@ private void processBufferDecrypt(byte[] buffer, int bufOff, byte[] output, int int d_j = Pack.littleEndianToInt(buffer, bufOff + (j * 4)); state[i] = s_i ^ s_j ^ d_i ^ state[RATE_WORDS + i]; - state[j] = s_i ^ d_j ^ state[RATE_WORDS + (j & CAP_MASK)]; + state[j] = s_i ^ d_j ^ state[RATE_WORDS + (j & CAP_MASK)]; Pack.intToLittleEndian(d_i ^ s_i, output, outOff + (i * 4)); Pack.intToLittleEndian(d_j ^ s_j, output, outOff + (j * 4)); @@ -549,14 +238,22 @@ private void processBufferDecrypt(byte[] buffer, int bufOff, byte[] output, int encrypted = true; } - private void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, int outOff) + @Override + protected void processBuffer(byte[] input, int inOff, byte[] output, int outOff) { -// assert bufOff <= buffer.length - RATE_BYTES; - - if (outOff > output.length - IV_SIZE) + if (forEncryption) + { + processBufferEncrypt(input, inOff, output, outOff); + } + else { - throw new OutputLengthException("output buffer too short"); + processBufferDecrypt(input, inOff, output, outOff); } + } + + private void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, int outOff) + { +// assert bufOff <= buffer.length - RATE_BYTES; for (int i = 0; i < RATE_WORDS / 2; ++i) { @@ -568,7 +265,7 @@ private void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, int int d_i = Pack.littleEndianToInt(buffer, bufOff + (i * 4)); int d_j = Pack.littleEndianToInt(buffer, bufOff + (j * 4)); - state[i] = s_j ^ d_i ^ state[RATE_WORDS + i]; + state[i] = s_j ^ d_i ^ state[RATE_WORDS + i]; state[j] = s_i ^ s_j ^ d_j ^ state[RATE_WORDS + (j & CAP_MASK)]; Pack.intToLittleEndian(d_i ^ s_i, output, outOff + (i * 4)); @@ -580,18 +277,18 @@ private void processBufferEncrypt(byte[] buffer, int bufOff, byte[] output, int encrypted = true; } - private void processFinalAAD() + protected void processFinalAAD() { // addition of constant A0 or A1 to the state - if (m_bufPos < IV_SIZE) + if (m_aadPos < BlockSize) { state[STATE_WORDS - 1] ^= _A0; // padding - m_buf[m_bufPos] = (byte)0x80; - while (++m_bufPos < IV_SIZE) + m_aad[m_aadPos] = (byte)0x80; + while (++m_aadPos < BlockSize) { - m_buf[m_bufPos] = 0x00; + m_aad[m_aadPos] = 0x00; } } else @@ -606,41 +303,21 @@ private void processFinalAAD() int s_i = state[i]; int s_j = state[j]; - int d_i = Pack.littleEndianToInt(m_buf, i * 4); - int d_j = Pack.littleEndianToInt(m_buf, j * 4); + int d_i = Pack.littleEndianToInt(m_aad, i * 4); + int d_j = Pack.littleEndianToInt(m_aad, j * 4); - state[i] = s_j ^ d_i ^ state[RATE_WORDS + i]; + state[i] = s_j ^ d_i ^ state[RATE_WORDS + i]; state[j] = s_i ^ s_j ^ d_j ^ state[RATE_WORDS + (j & CAP_MASK)]; } sparkle_opt(state, SPARKLE_STEPS_BIG); } + protected void reset(boolean clearMac) { - Arrays.clear(m_buf); - m_bufPos = 0; + bufferReset(); encrypted = false; - - switch (m_state) - { - case DecInit: - case EncInit: - break; - case DecAad: - case DecData: - case DecFinal: - m_state = State.DecInit; - break; - case EncAad: - case EncData: - case EncFinal: - m_state = State.EncFinal; - return; - default: - throw new IllegalStateException(getAlgorithmName() + " needs to be initialized"); - } - // The Initialize function loads nonce and key into the state and executes the // SPARKLE permutation with the big number of steps. // load nonce into the rate-part of the state @@ -662,10 +339,17 @@ private static void sparkle_opt(int[] state, int steps) { switch (state.length) { - case 8: sparkle_opt8 (state, steps); break; - case 12: sparkle_opt12(state, steps); break; - case 16: sparkle_opt16(state, steps); break; - default: throw new IllegalStateException(); + case 8: + sparkle_opt8(state, steps); + break; + case 12: + sparkle_opt12(state, steps); + break; + case 16: + sparkle_opt16(state, steps); + break; + default: + throw new IllegalStateException(); } } @@ -934,7 +618,7 @@ static void sparkle_opt12(int[] state, int steps) state[10] = s10; state[11] = s11; } - + public static void sparkle_opt12(SparkleDigest.Friend friend, int[] state, int steps) { if (null == friend) diff --git a/core/src/test/java/org/bouncycastle/crypto/test/ISAPTest.java b/core/src/test/java/org/bouncycastle/crypto/test/ISAPTest.java index 99865d34bd..29d2414a4f 100644 --- a/core/src/test/java/org/bouncycastle/crypto/test/ISAPTest.java +++ b/core/src/test/java/org/bouncycastle/crypto/test/ISAPTest.java @@ -33,8 +33,8 @@ public String getName() public void performTest() throws Exception { -// testVectors("isapa128av20", IsapType.ISAP_A_128A); -// testVectors("isapa128v20", IsapType.ISAP_A_128); + testVectors("isapa128av20", IsapType.ISAP_A_128A); + testVectors("isapa128v20", IsapType.ISAP_A_128); testVectors("isapk128av20", IsapType.ISAP_K_128A); testVectors("isapk128v20", IsapType.ISAP_K_128); ISAPEngine ISAP = new ISAPEngine(IsapType.ISAP_K_128A); @@ -109,7 +109,7 @@ private void testVectors(String filename, IsapType isapType) int a = line.indexOf('='); if (a < 0) { -// if (!map.get("Count").equals("67")) +// if (!map.get("Count").equals("19")) // { // continue; // } @@ -145,7 +145,7 @@ private void testVectors(String filename, IsapType isapType) { mismatch("Reccover Keystream " + map.get("Count"), (String)map.get("PT"), pt_recovered); } - System.out.println("Keystream " + map.get("Count") + " pass"); + //System.out.println("Keystream " + map.get("Count") + " pass"); isap.reset(); map.clear(); @@ -382,7 +382,7 @@ private void testExceptions(AEADCipher aeadBlockCipher, int keysize, int ivsize, } try { - aeadBlockCipher.processBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], blocksize >> 1); + aeadBlockCipher.processBytes(new byte[blocksize + 1], 0, blocksize + 1, new byte[blocksize], blocksize >> 1); fail(aeadBlockCipher.getAlgorithmName() + ": output for processBytes is too short"); } catch (OutputLengthException e) diff --git a/core/src/test/java/org/bouncycastle/crypto/test/PhotonBeetleTest.java b/core/src/test/java/org/bouncycastle/crypto/test/PhotonBeetleTest.java index 3c38220e32..460e5a051c 100644 --- a/core/src/test/java/org/bouncycastle/crypto/test/PhotonBeetleTest.java +++ b/core/src/test/java/org/bouncycastle/crypto/test/PhotonBeetleTest.java @@ -97,10 +97,10 @@ private void testVectors(PhotonBeetleEngine.PhotonBeetleParameters pbp, String f int a = line.indexOf('='); if (a < 0) { - if (map.get("Count").equals("133")) - { - System.out.println("test"); - } +// if (map.get("Count").equals("133")) +// { +// System.out.println("test"); +// } byte[] key = Hex.decode(map.get("Key")); byte[] nonce = Hex.decode(map.get("Nonce")); byte[] ad = Hex.decode(map.get("AD")); @@ -130,7 +130,7 @@ private void testVectors(PhotonBeetleEngine.PhotonBeetleParameters pbp, String f mismatch("Reccover Keystream " + map.get("Count"), (String)map.get("PT"), pt_recovered); } PhotonBeetle.reset(); - System.out.println(map.get("Count") + " pass"); + //System.out.println(map.get("Count") + " pass"); map.clear(); } @@ -186,7 +186,7 @@ private void testExceptions(AEADCipher aeadBlockCipher, int keysize, int ivsize, aeadBlockCipher.doFinal(c1, m.length); fail(aeadBlockCipher.getAlgorithmName() + " need to be initialed before dofinal"); } - catch (IllegalArgumentException e) + catch (IllegalStateException e) { //expected } diff --git a/core/src/test/java/org/bouncycastle/crypto/test/SparkleTest.java b/core/src/test/java/org/bouncycastle/crypto/test/SparkleTest.java index 726e860853..62dcf73482 100644 --- a/core/src/test/java/org/bouncycastle/crypto/test/SparkleTest.java +++ b/core/src/test/java/org/bouncycastle/crypto/test/SparkleTest.java @@ -36,6 +36,11 @@ public String getName() public void performTest() throws Exception { + testVectorsEngine_SCHWAEMM128_128(); + testVectorsEngine_SCHWAEMM192_192(); + testVectorsEngine_SCHWAEMM256_128(); + testVectorsEngine_SCHWAEMM256_256(); + testBufferingEngine_SCHWAEMM128_128(); testBufferingEngine_SCHWAEMM192_192(); testBufferingEngine_SCHWAEMM256_128(); @@ -61,10 +66,6 @@ public void performTest() testVectorsDigest_ESCH256(); testVectorsDigest_ESCH384(); - testVectorsEngine_SCHWAEMM128_128(); - testVectorsEngine_SCHWAEMM192_192(); - testVectorsEngine_SCHWAEMM256_128(); - testVectorsEngine_SCHWAEMM256_256(); CipherTest.checkAEADParemeter(this, 16, 16, 16, 16, new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM128_128)); CipherTest.checkAEADParemeter(this, 24, 24, 24, 24, new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM192_192)); CipherTest.checkAEADParemeter(this, 16, 32, 16, 16, new SparkleEngine(SparkleEngine.SparkleParameters.SCHWAEMM256_128)); @@ -374,7 +375,10 @@ private void implTestVectorsEngine(SparkleEngine.SparkleParameters pbp, String f byte[] ad = Hex.decode(map.get("AD")); byte[] pt = Hex.decode(map.get("PT")); byte[] ct = Hex.decode(map.get("CT")); - +// if (!map.get("Count").equals("17")) +// { +// continue; +// } CipherParameters parameters = new ParametersWithIV(new KeyParameter(key), nonce); // Encrypt @@ -410,7 +414,7 @@ private void implTestVectorsEngine(SparkleEngine.SparkleParameters pbp, String f mismatch("Reccover Keystream " + map.get("Count"), (String)map.get("PT"), rv); } } - + System.out.println(map.get("Count") + " pass"); map.clear(); } else @@ -546,7 +550,7 @@ private void implTestExceptionsEngine(SparkleEngine.SparkleParameters sparklePar fail("mac should not match"); } sparkle.init(true, params); - sparkle.processByte((byte)0, null, 0); + sparkle.processByte((byte)0, new byte[1], 0); try { sparkle.processAADByte((byte)0); diff --git a/core/src/test/java/org/bouncycastle/crypto/test/XoodyakTest.java b/core/src/test/java/org/bouncycastle/crypto/test/XoodyakTest.java index 3e09cdba6e..05d4dfb0b7 100644 --- a/core/src/test/java/org/bouncycastle/crypto/test/XoodyakTest.java +++ b/core/src/test/java/org/bouncycastle/crypto/test/XoodyakTest.java @@ -196,7 +196,7 @@ private void testExceptions(AEADCipher aeadBlockCipher, int keysize, int ivsize, aeadBlockCipher.doFinal(c1, m.length); fail(aeadBlockCipher.getAlgorithmName() + " need to be initialed before dofinal"); } - catch (IllegalArgumentException e) + catch (IllegalStateException e) { //expected } @@ -320,7 +320,7 @@ private void testExceptions(AEADCipher aeadBlockCipher, int keysize, int ivsize, } try { - aeadBlockCipher.processBytes(new byte[blocksize], 0, blocksize, new byte[blocksize], blocksize >> 1); + aeadBlockCipher.processBytes(new byte[blocksize + 1], 0, blocksize + 1, new byte[blocksize], blocksize >> 1); fail(aeadBlockCipher.getAlgorithmName() + ": output for processBytes is too short"); } catch (OutputLengthException e)