Fix KXTSBlockCipher

gefeili · gefeili · commit 4a369f08c2b8 · 2025-03-28T11:19:42.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/KXTSBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/KXTSBlockCipher.java
@@ -123,7 +123,12 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
         {
             throw new IllegalArgumentException("Partial blocks not supported");
         }
-
+        if (input == output && segmentsOverlap(inOff, len, outOff, len))
+        {
+            input = new byte[len];
+            System.arraycopy(output, inOff, input, 0, len);
+            inOff = 0;
+        }
         for (int pos = 0; pos < len; pos += blockSize)
         {
             processBlocks(input, inOff + pos, output, outOff + pos);
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/DSTU7624Test.java b/core/src/test/java/org/bouncycastle/crypto/test/DSTU7624Test.java
@@ -96,6 +96,7 @@ public void performTest()
         CCMModeTests();
         XTSModeTests();
         GCMModeTests();
+        testOverlapping();
     }
 
     public static void main(
@@ -1464,4 +1465,41 @@ private void doFinalTest(AEADBlockCipher cipher, byte[] key, byte[] iv, byte[] a
             fail("Failed doFinal test - after: " + cipher.getAlgorithmName());
         }
     }
+
+    private void testOverlapping()
+    {
+        SecureRandom random = new SecureRandom();
+        byte[] keyBytes = new byte[16];
+        byte[] iv = new byte[16];
+        random.nextBytes(keyBytes);
+        KXTSBlockCipher bc = new KXTSBlockCipher(new DSTU7624Engine(128));
+        ParametersWithIV param = new ParametersWithIV(new KeyParameter(keyBytes), iv);
+
+        int offset = 1 + random.nextInt(bc.getBlockSize() - 1) + bc.getBlockSize();
+        byte[] data = new byte[bc.getBlockSize() * 4 + offset];
+        byte[] expected = new byte[bc.getOutputSize(bc.getBlockSize() * 3)];
+        random.nextBytes(data);
+
+        bc.init(true, param);
+        int len = bc.processBytes(data, 0, expected.length, expected, 0);
+        bc.doFinal(expected, len);
+        bc.init(true, param);
+        len = bc.processBytes(data, 0, expected.length, data, offset);
+        bc.doFinal(data, offset + len);
+
+        if (!areEqual(expected, Arrays.copyOfRange(data, offset, offset + expected.length)))
+        {
+            fail("failed to overlapping of encryption");
+        }
+
+        bc.init(false, param);
+        bc.processBytes(data, 0, expected.length, expected, 0);
+        bc.init(false, param);
+        bc.processBytes(data, 0, expected.length, data, offset);
+
+        if (!areEqual(expected, Arrays.copyOfRange(data, offset, offset + expected.length)))
+        {
+            fail("failed to overlapping of encryption");
+        }
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,12 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out`
`123`	`123`	`{`
`124`	`124`	`throw new IllegalArgumentException("Partial blocks not supported");`
`125`	`125`	`}`
`126`		`-`
	`126`	`+ if (input == output && segmentsOverlap(inOff, len, outOff, len))`
	`127`	`+ {`
	`128`	`+ input = new byte[len];`
	`129`	`+ System.arraycopy(output, inOff, input, 0, len);`
	`130`	`+ inOff = 0;`
	`131`	`+ }`
`127`	`132`	`for (int pos = 0; pos < len; pos += blockSize)`
`128`	`133`	`{`
`129`	`134`	`processBlocks(input, inOff + pos, output, outOff + pos);`