TODO: Add DecryptionFailureCounter to doFinal of decryption, and check Ascon key and iv reused.

gefeili · gefeili · commit 0bd3e099f8c5 · 2025-08-14T17:07:38.000+09:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AEADBaseEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AEADBaseEngine.java
@@ -705,6 +705,54 @@ public void reset()
         }
     }
 
+    protected class DecryptionFailureCounter
+    {
+        public DecryptionFailureCounter(int n)
+        {
+            this.n = n;
+            counter = new int[(n + 31) >>> 5];
+        }
+
+        private final int n;
+        private final int[] counter;
+
+        public boolean increment()
+        {
+            int i = counter.length;
+            while (--i >= 0)
+            {
+                if (++counter[i] != 0)
+                {
+                    break;
+                }
+            }
+            if ((n & 31) == 0)
+            {
+                for (i = 0; i < counter.length; ++i)
+                {
+                    if (counter[i] != 0)
+                    {
+                        return false;
+                    }
+                }
+                return true;
+            }
+            for (i = 1; i < counter.length; ++i)
+            {
+                if (counter[i] != 0)
+                {
+                    return false;
+                }
+            }
+            return counter[0] != (1 << (n & 31));
+        }
+
+        public void reset()
+        {
+            Arrays.fill(counter, 0);
+        }
+    }
+
     @Override
     public void processAADByte(byte input)
     {
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java b/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java
@@ -45,6 +45,7 @@ public String getName()
     public void performTest()
         throws Exception
     {
+        testDecryptionFailureCounter();
         testVectorsAsconCXof128_512();
         DigestTest.checkXof(new AsconXof128(), 1429, 317, new SecureRandom(), this);
         DigestTest.checkXof(new AsconCXof128(), 1429, 317, new SecureRandom(), this);
@@ -108,7 +109,7 @@ public void performTest()
         CipherTest.checkAEADParemeter(this, 16, 16, 16, 16, new AsconEngine(AsconEngine.AsconParameters.ascon128a));
         CipherTest.checkAEADParemeter(this, 20, 16, 16, 16, new AsconEngine(AsconEngine.AsconParameters.ascon80pq));
 
-        CipherTest.testOverlapping(this,16, 16, 16, 16, new AsconAEAD128());
+        CipherTest.testOverlapping(this, 16, 16, 16, 16, new AsconAEAD128());
         CipherTest.testOverlapping(this, 16, 16, 16, 16, new AsconEngine(AsconEngine.AsconParameters.ascon128));
         CipherTest.testOverlapping(this, 16, 16, 16, 16, new AsconEngine(AsconEngine.AsconParameters.ascon128a));
         CipherTest.testOverlapping(this, 20, 16, 16, 16, new AsconEngine(AsconEngine.AsconParameters.ascon80pq));
@@ -1355,4 +1356,63 @@ private static void initEngine(AEADCipher ascon, boolean forEncryption)
         AEADParameters parameters = new AEADParameters(new KeyParameter(new byte[keySize]), macSize, new byte[ivSize], null);
         ascon.init(forEncryption, parameters);
     }
+
+    protected class DecryptionFailureCounter
+    {
+        public DecryptionFailureCounter(int n)
+        {
+            this.n = n;
+            counter = new int[(n + 31) >>> 5];
+        }
+
+        public final int n;
+
+        public final int[] counter;
+
+        public boolean increment()
+        {
+            int i = counter.length;
+            while (--i >= 0)
+            {
+                if (++counter[i] != 0)
+                {
+                    break;
+                }
+            }
+            if ((n & 31) == 0)
+            {
+                for (i = 0; i < counter.length; ++i)
+                {
+                    if (counter[i] != 0)
+                    {
+                        return false;
+                    }
+                }
+                return true;
+            }
+            for (i = 1; i < counter.length; ++i)
+            {
+                if (counter[i] != 0)
+                {
+                    return false;
+                }
+            }
+            return counter[0] != (1 << (n & 31));
+        }
+
+        public void reset()
+        {
+            Arrays.fill(counter, 0);
+        }
+    }
+
+    public void testDecryptionFailureCounter()
+    {
+        int n = 34;
+        DecryptionFailureCounter counter = new DecryptionFailureCounter(n);
+        counter.counter[counter.counter.length - 1] = -2;
+        counter.counter[0] = 1;
+        isTrue(!counter.increment());
+        isTrue(counter.increment());
+    }
 }
