Merge remote-tracking branch 'origin/master'

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/SavableDigest.java

@@ -0,0 +1,13 @@
+package org.bouncycastle.crypto;
+
+import org.bouncycastle.crypto.digests.EncodableDigest;
+import org.bouncycastle.util.Memoable;
+
+/**
+ * Extended digest which provides the ability to store state and
+ * provide an encoding.
+ */
+public interface SavableDigest
+    extends ExtendedDigest, EncodableDigest, Memoable
+{
+}

core/src/main/java/org/bouncycastle/crypto/digests/SHA256Digest.java

@@ -4,6 +4,7 @@
 import org.bouncycastle.crypto.CryptoServiceProperties;
 import org.bouncycastle.crypto.CryptoServicePurpose;
 import org.bouncycastle.crypto.CryptoServicesRegistrar;
+import org.bouncycastle.crypto.SavableDigest;
 import org.bouncycastle.util.Memoable;
 import org.bouncycastle.util.Pack;
 
@@ -21,7 +22,7 @@
  */
 public class SHA256Digest
     extends GeneralDigest
-    implements EncodableDigest
+    implements SavableDigest
 {
     private static final int    DIGEST_LENGTH = 32;
 

core/src/main/java/org/bouncycastle/crypto/engines/DESedeWrapEngine.java

@@ -178,8 +178,8 @@ public byte[] wrap(byte[] in, int inOff, int inLen)
       System.arraycopy(this.iv, 0, TEMP2, 0, this.iv.length);
       System.arraycopy(TEMP1, 0, TEMP2, this.iv.length, TEMP1.length);
 
-      // Reverse the order of the octets in TEMP2 and call the result TEMP3.
-      byte[] TEMP3 = reverse(TEMP2);
+      // Reverse the order of the octets in TEMP2.
+      Arrays.reverseInPlace(TEMP2);
 
       // Encrypt TEMP3 in CBC mode using the KEK and an initialization vector
       // of 0x 4a dd a2 2c 79 e8 21 05. The resulting cipher text is the desired
@@ -188,12 +188,12 @@ public byte[] wrap(byte[] in, int inOff, int inLen)
 
       this.engine.init(true, param2);
 
-      for (int currentBytePos = 0; currentBytePos != TEMP3.length; currentBytePos += blockSize) 
+      for (int currentBytePos = 0; currentBytePos != TEMP2.length; currentBytePos += blockSize) 
       {
-         engine.processBlock(TEMP3, currentBytePos, TEMP3, currentBytePos);
+         engine.processBlock(TEMP2, currentBytePos, TEMP2, currentBytePos);
       }
 
-      return TEMP3;
+      return TEMP2;
    }
 
    /**
@@ -246,15 +246,15 @@ public byte[] unwrap(byte[] in, int inOff, int inLen)
 
       this.engine.init(false, param2);
 
-      byte TEMP3[] = new byte[inLen];
+      byte TEMP2[] = new byte[inLen];
 
       for (int currentBytePos = 0; currentBytePos != inLen; currentBytePos += blockSize) 
       {
-         engine.processBlock(in, inOff + currentBytePos, TEMP3, currentBytePos);
+         engine.processBlock(in, inOff + currentBytePos, TEMP2, currentBytePos);
       }
 
-      // Reverse the order of the octets in TEMP3 and call the result TEMP2.
-      byte[] TEMP2 = reverse(TEMP3);
+      // Reverse the order of the octets in TEMP2.
+      Arrays.reverseInPlace(TEMP2);
 
       // Decompose TEMP2 into IV, the first 8 octets, and TEMP1, the remaining octets.
       this.iv = new byte[8];
@@ -337,14 +337,4 @@ private boolean checkCMSKeyChecksum(
     {
         return Arrays.constantTimeAreEqual(calculateCMSKeyChecksum(key), checksum);
     }
-
-    private static byte[] reverse(byte[] bs)
-    {
-        byte[] result = new byte[bs.length];
-        for (int i = 0; i < bs.length; i++) 
-        {
-           result[i] = bs[bs.length - (i + 1)];
-        }
-        return result;
-    }
 }

core/src/main/java/org/bouncycastle/crypto/params/Ed25519PrivateKeyParameters.java

@@ -64,9 +64,7 @@ public Ed25519PublicKeyParameters generatePublicKey()
         {
             if (null == cachedPublicKey)
             {
-                byte[] publicKey = new byte[Ed25519.PUBLIC_KEY_SIZE];
-                Ed25519.generatePublicKey(data, 0, publicKey, 0);
-                cachedPublicKey = new Ed25519PublicKeyParameters(publicKey, 0);
+                cachedPublicKey = new Ed25519PublicKeyParameters(Ed25519.generatePublicKey(data, 0));
             }
 
             return cachedPublicKey;

core/src/main/java/org/bouncycastle/crypto/params/Ed25519PublicKeyParameters.java

@@ -5,15 +5,14 @@
 import java.io.InputStream;
 
 import org.bouncycastle.math.ec.rfc8032.Ed25519;
-import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.Streams;
 
 public final class Ed25519PublicKeyParameters
     extends AsymmetricKeyParameter
 {
     public static final int KEY_SIZE = Ed25519.PUBLIC_KEY_SIZE;
 
-    private final byte[] data = new byte[KEY_SIZE];
+    private final Ed25519.PublicPoint publicPoint;
 
     public Ed25519PublicKeyParameters(byte[] buf)
     {
@@ -24,27 +23,45 @@ public Ed25519PublicKeyParameters(byte[] buf, int off)
     {
         super(false);
 
-        System.arraycopy(buf, off, data, 0, KEY_SIZE);
+        this.publicPoint = parse(buf, off);
     }
 
     public Ed25519PublicKeyParameters(InputStream input) throws IOException
     {
         super(false);
 
+        byte[] data = new byte[KEY_SIZE];
+
         if (KEY_SIZE != Streams.readFully(input, data))
         {
             throw new EOFException("EOF encountered in middle of Ed25519 public key");
         }
+
+        this.publicPoint = parse(data, 0);
+    }
+
+    public Ed25519PublicKeyParameters(Ed25519.PublicPoint publicPoint)
+    {
+        super(false);
+
+        if (publicPoint == null)
+        {
+            throw new NullPointerException("'publicPoint' cannot be null");
+        }
+
+        this.publicPoint = publicPoint;
     }
 
     public void encode(byte[] buf, int off)
     {
-        System.arraycopy(data, 0, buf, off, KEY_SIZE);
+        Ed25519.encodePublicPoint(publicPoint, buf, off);
     }
 
     public byte[] getEncoded()
     {
-        return Arrays.clone(data);
+        byte[] data = new byte[KEY_SIZE];
+        encode(data, 0);
+        return data;
     }
 
     public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msgLen, byte[] sig, int sigOff)
@@ -58,7 +75,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("ctx");
             }
 
-            return Ed25519.verify(sig, sigOff, data, 0, msg, msgOff, msgLen);
+            return Ed25519.verify(sig, sigOff, publicPoint, msg, msgOff, msgLen);
         }
         case Ed25519.Algorithm.Ed25519ctx:
         {
@@ -71,7 +88,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("ctx");
             }
 
-            return Ed25519.verify(sig, sigOff, data, 0, ctx, msg, msgOff, msgLen);
+            return Ed25519.verify(sig, sigOff, publicPoint, ctx, msg, msgOff, msgLen);
         }
         case Ed25519.Algorithm.Ed25519ph:
         {
@@ -88,7 +105,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("msgLen");
             }
 
-            return Ed25519.verifyPrehash(sig, sigOff, data, 0, ctx, msg, msgOff);
+            return Ed25519.verifyPrehash(sig, sigOff, publicPoint, ctx, msg, msgOff);
         }
         default:
         {
@@ -97,6 +114,16 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
         }
     }
 
+    private static Ed25519.PublicPoint parse(byte[] buf, int off)
+    {
+        Ed25519.PublicPoint publicPoint = Ed25519.validatePublicKeyPartialExport(buf, off);
+        if (publicPoint == null)
+        {
+            throw new IllegalArgumentException("invalid public key");
+        }
+        return publicPoint;
+    }
+
     private static byte[] validate(byte[] buf)
     {
         if (buf.length != KEY_SIZE)

core/src/main/java/org/bouncycastle/crypto/params/Ed448PrivateKeyParameters.java

@@ -64,9 +64,7 @@ public Ed448PublicKeyParameters generatePublicKey()
         {
             if (null == cachedPublicKey)
             {
-                byte[] publicKey = new byte[Ed448.PUBLIC_KEY_SIZE];
-                Ed448.generatePublicKey(data, 0, publicKey, 0);
-                cachedPublicKey = new Ed448PublicKeyParameters(publicKey, 0);
+                cachedPublicKey = new Ed448PublicKeyParameters(Ed448.generatePublicKey(data, 0));
             }
 
             return cachedPublicKey;

core/src/main/java/org/bouncycastle/crypto/params/Ed448PublicKeyParameters.java

@@ -5,15 +5,14 @@
 import java.io.InputStream;
 
 import org.bouncycastle.math.ec.rfc8032.Ed448;
-import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.io.Streams;
 
 public final class Ed448PublicKeyParameters
     extends AsymmetricKeyParameter
 {
     public static final int KEY_SIZE = Ed448.PUBLIC_KEY_SIZE;
 
-    private final byte[] data = new byte[KEY_SIZE];
+    private final Ed448.PublicPoint publicPoint;
 
     public Ed448PublicKeyParameters(byte[] buf)
     {
@@ -24,27 +23,45 @@ public Ed448PublicKeyParameters(byte[] buf, int off)
     {
         super(false);
 
-        System.arraycopy(buf, off, data, 0, KEY_SIZE);
+        this.publicPoint = parse(buf, off);
     }
 
     public Ed448PublicKeyParameters(InputStream input) throws IOException
     {
         super(false);
 
+        byte[] data = new byte[KEY_SIZE];
+
         if (KEY_SIZE != Streams.readFully(input, data))
         {
             throw new EOFException("EOF encountered in middle of Ed448 public key");
         }
+
+        this.publicPoint = parse(data, 0);
+    }
+
+    public Ed448PublicKeyParameters(Ed448.PublicPoint publicPoint)
+    {
+        super(false);
+
+        if (publicPoint == null)
+        {
+            throw new NullPointerException("'publicPoint' cannot be null");
+        }
+
+        this.publicPoint = publicPoint;
     }
 
     public void encode(byte[] buf, int off)
     {
-        System.arraycopy(data, 0, buf, off, KEY_SIZE);
+        Ed448.encodePublicPoint(publicPoint, buf, off);
     }
 
     public byte[] getEncoded()
     {
-        return Arrays.clone(data);
+        byte[] data = new byte[KEY_SIZE];
+        encode(data, 0);
+        return data;
     }
 
     public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msgLen, byte[] sig, int sigOff)
@@ -62,7 +79,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("ctx");
             }
 
-            return Ed448.verify(sig, sigOff, data, 0, ctx, msg, msgOff, msgLen);
+            return Ed448.verify(sig, sigOff, publicPoint, ctx, msg, msgOff, msgLen);
         }
         case Ed448.Algorithm.Ed448ph:
         {
@@ -79,7 +96,7 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
                 throw new IllegalArgumentException("msgLen");
             }
 
-            return Ed448.verifyPrehash(sig, sigOff, data, 0, ctx, msg, msgOff);
+            return Ed448.verifyPrehash(sig, sigOff, publicPoint, ctx, msg, msgOff);
         }
         default:
         {
@@ -88,6 +105,16 @@ public boolean verify(int algorithm, byte[] ctx, byte[] msg, int msgOff, int msg
         }
     }
 
+    private static Ed448.PublicPoint parse(byte[] buf, int off)
+    {
+        Ed448.PublicPoint publicPoint = Ed448.validatePublicKeyPartialExport(buf, off);
+        if (publicPoint == null)
+        {
+            throw new IllegalArgumentException("invalid public key");
+        }
+        return publicPoint;
+    }
+
     private static byte[] validate(byte[] buf)
     {
         if (buf.length != KEY_SIZE)

core/src/main/java/org/bouncycastle/math/ec/rfc7748/X25519Field.java

@@ -152,13 +152,27 @@ public static void decode(int[] x, int xOff, int[] z)
         z[9] &= M24;
     }
 
+    public static void decode(byte[] x, int[] z)
+    {
+        decode128(x, 0, z, 0);
+        decode128(x, 16, z, 5);
+        z[9] &= M24;
+    }
+
     public static void decode(byte[] x, int xOff, int[] z)
     {
         decode128(x, xOff, z, 0);
         decode128(x, xOff + 16, z, 5);
         z[9] &= M24;
     }
 
+    public static void decode(byte[] x, int xOff, int[] z, int zOff)
+    {
+        decode128(x, xOff, z, zOff);
+        decode128(x, xOff + 16, z, zOff + 5);
+        z[zOff + 9] &= M24;
+    }
+
     private static void decode128(int[] is, int off, int[] z, int zOff)
     {
         int t0 = is[off + 0], t1 = is[off + 1], t2 = is[off + 2], t3 = is[off + 3];
@@ -199,12 +213,24 @@ public static void encode(int[] x, int[] z, int zOff)
         encode128(x, 5, z, zOff + 4);
     }
 
+    public static void encode(int[] x, byte[] z)
+    {
+        encode128(x, 0, z, 0);
+        encode128(x, 5, z, 16);
+    }
+
     public static void encode(int[] x, byte[] z, int zOff)
     {
         encode128(x, 0, z, zOff);
         encode128(x, 5, z, zOff + 16);
     }
 
+    public static void encode(int[] x, int xOff, byte[] z, int zOff)
+    {
+        encode128(x, xOff, z, zOff);
+        encode128(x, xOff + 5, z, zOff + 16);
+    }
+
     private static void encode128(int[] x, int xOff, int[] is, int off)
     {
         int x0 = x[xOff + 0], x1 = x[xOff + 1], x2 = x[xOff + 2], x3 = x[xOff + 3], x4 = x[xOff + 4];