Refactor around Ascon

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java

@@ -1,10 +1,9 @@
 package org.bouncycastle.crypto.digests;
 
-import java.io.ByteArrayOutputStream;
-
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.ExtendedDigest;
 import org.bouncycastle.crypto.OutputLengthException;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Longs;
 
 abstract class AsconBaseDigest
@@ -18,8 +17,10 @@ abstract class AsconBaseDigest
     protected final int CRYPTO_BYTES = 32;
     protected final int ASCON_HASH_RATE = 8;
     protected int ASCON_PB_ROUNDS = 12;
+    protected final byte[] m_buf = new byte[ASCON_HASH_RATE];
+    protected int m_bufPos = 0;
+
 
-    protected final ByteArrayOutputStream buffer = new ByteArrayOutputStream();
     private void round(long C)
     {
         long t0 = x0 ^ x1 ^ x2 ^ x3 ^ C ^ (x1 & (x0 ^ x2 ^ x4 ^ C));
@@ -77,7 +78,13 @@ public int getByteLength()
     @Override
     public void update(byte in)
     {
-        buffer.write(in);
+        m_buf[m_bufPos] = in;
+        if (++m_bufPos == ASCON_HASH_RATE)
+        {
+            x0 ^= loadBytes(m_buf, 0, ASCON_HASH_RATE);
+            p(ASCON_PB_ROUNDS);
+            m_bufPos = 0;
+        }
     }
 
     @Override
@@ -87,32 +94,62 @@ public void update(byte[] input, int inOff, int len)
         {
             throw new DataLengthException("input buffer too short");
         }
-        buffer.write(input, inOff, len);
-    }
-
-    protected void absorb(byte[] input, int len)
-    {
-        int inOff = 0;
-        /* absorb full plaintext blocks */
-        while (len >= ASCON_HASH_RATE)
+        int available = 8 - m_bufPos;
+        if (len < available)
         {
-            x0 ^= loadBytes(input, inOff, 8);
+            System.arraycopy(input, inOff, m_buf, m_bufPos, len);
+            m_bufPos += len;
+            return;
+        }
+        int inPos = 0;
+        if (m_bufPos > 0)
+        {
+            System.arraycopy(input, inOff, m_buf, m_bufPos, available);
+            inPos += available;
+            x0 ^= loadBytes(m_buf, 0, m_buf.length);
             p(ASCON_PB_ROUNDS);
-            inOff += ASCON_HASH_RATE;
-            len -= ASCON_HASH_RATE;
         }
-        /* absorb final plaintext block */
-        x0 ^= loadBytes(input, inOff, len);
-        x0 ^= pad(len);
+        int remaining;
+        while ((remaining = len - inPos) >= 8)
+        {
+            x0 ^= loadBytes(input, inOff + inPos, m_buf.length);
+            p(ASCON_PB_ROUNDS);
+            inPos += 8;
+        }
+        System.arraycopy(input, inOff + inPos, m_buf, 0, remaining);
+        m_bufPos = remaining;
+    }
+
+    protected void finishAbsorbing()
+    {
+        x0 ^= loadBytes(m_buf, 0, m_bufPos);
+        x0 ^= pad(m_bufPos);
         p(12);
     }
 
+//    protected void absorb(byte[] input, int len)
+//    {
+//        int inOff = 0;
+//        /* absorb full plaintext blocks */
+//        while (len >= ASCON_HASH_RATE)
+//        {
+//            x0 ^= loadBytes(input, inOff, 8);
+//            p(ASCON_PB_ROUNDS);
+//            inOff += ASCON_HASH_RATE;
+//            len -= ASCON_HASH_RATE;
+//        }
+//        /* absorb final plaintext block */
+//        x0 ^= loadBytes(input, inOff, len);
+//        x0 ^= pad(len);
+//        p(12);
+//    }
+
     protected void squeeze(byte[] output, int outOff, int len)
     {
         /* squeeze full output blocks */
         while (len > ASCON_HASH_RATE)
         {
-            setBytes(x0, output, outOff, 8);
+            setBytes(x0, output, outOff, ASCON_HASH_RATE);
             p(ASCON_PB_ROUNDS);
             outOff += ASCON_HASH_RATE;
             len -= ASCON_HASH_RATE;
@@ -128,9 +165,15 @@ protected int hash(byte[] output, int outOff, int outLen)
         {
             throw new OutputLengthException("output buffer is too short");
         }
-        absorb(buffer.toByteArray(), buffer.size());
+        finishAbsorbing();
         /* squeeze full output blocks */
         squeeze(output, outOff, outLen);
         return outLen;
     }
+
+    public void reset()
+    {
+        Arrays.clear(m_buf);
+        m_bufPos = 0;
+    }
 }

core/src/main/java/org/bouncycastle/crypto/digests/AsconCxof128.java

@@ -31,6 +31,7 @@ public AsconCxof128(byte[] s)
         }
         this.s = Arrays.clone(s);
         reset();
+        update(s, 0, s.length);
     }
 
     public AsconCxof128(byte[] s, int off, int len)
@@ -45,6 +46,7 @@ public AsconCxof128(byte[] s, int off, int len)
         }
         this.s = Arrays.copyOfRange(s, off, off + len);
         reset();
+        update(s, 0, s.length);
     }
 
     public AsconCxof128()
@@ -81,11 +83,7 @@ public int doOutput(byte[] output, int outOff, int outLen)
         {
             throw new OutputLengthException("output buffer is too short");
         }
-        if (s != null)
-        {
-            absorb(s, s.length);
-        }
-        absorb(buffer.toByteArray(), buffer.size());
+        finishAbsorbing();
         /* squeeze full output blocks */
         squeeze(output, outOff, outLen);
         return outLen;
@@ -106,7 +104,7 @@ public int doFinal(byte[] output, int outOff, int outLen)
     @Override
     public void reset()
     {
-        buffer.reset();
+        super.reset();
         /* initialize */
         x0 = 7445901275803737603L;
         x1 = 4886737088792722364L;

core/src/main/java/org/bouncycastle/crypto/digests/AsconDigest.java

@@ -71,7 +71,7 @@ public int doFinal(byte[] output, int outOff)
     @Override
     public void reset()
     {
-        buffer.reset();
+        super.reset();
         /* initialize */
         switch (asconParameters)
         {

core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256Digest.java

@@ -51,7 +51,7 @@ public int doFinal(byte[] output, int outOff)
     @Override
     public void reset()
     {
-        buffer.reset();
+        super.reset();
         /* initialize */
         x0 = -7269279749984954751L;
         x1 = 5459383224871899602L;

core/src/main/java/org/bouncycastle/crypto/digests/AsconXof.java

@@ -93,7 +93,7 @@ public int getByteLength()
     @Override
     public void reset()
     {
-        buffer.reset();
+        super.reset();
         /* initialize */
         switch (asconParameters)
         {

core/src/main/java/org/bouncycastle/crypto/digests/AsconXof128.java

@@ -71,7 +71,7 @@ public int getByteLength()
     @Override
     public void reset()
     {
-        buffer.reset();
+        super.reset();
         /* initialize */
         x0 = -2701369817892108309L;
         x1 = -3711838248891385495L;

core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128Engine.java

@@ -54,7 +54,6 @@ protected void setBytes(long n, byte[] bs, int off)
         Pack.longToLittleEndian(n, bs, off);
     }
 
-
     protected void ascon_aeadinit()
     {
         /* initialize */
@@ -86,13 +85,11 @@ protected void processFinalDecrypt(byte[] input, int inLen, byte[] output, int o
         if (inLen >= 8) // ASCON_AEAD_RATE == 16 is implied
         {
             long c0 = Pack.littleEndianToLong(input, 0);
-            long c1 = Pack.littleEndianToLong(input, 8, inLen - 8);
-
+            inLen -= 8;
+            long c1 = Pack.littleEndianToLong(input, 8, inLen);
             Pack.longToLittleEndian(x0 ^ c0, output, outOff);
-            Pack.longToLittleEndian(x1 ^ c1, output, outOff + 8, inLen - 8);
-
+            Pack.longToLittleEndian(x1 ^ c1, output, outOff + 8, inLen);
             x0 = c0;
-            inLen -= 8;
             x1 &= -(1L << (inLen << 3));
             x1 |= c1;
             x1 ^= pad(inLen);
@@ -116,10 +113,10 @@ protected void processFinalEncrypt(byte[] input, int inLen, byte[] output, int o
         if (inLen >= 8) // ASCON_AEAD_RATE == 16 is implied
         {
             x0 ^= Pack.littleEndianToLong(input, 0);
-            x1 ^= Pack.littleEndianToLong(input, 8, inLen - 8);
+            inLen -= 8;
+            x1 ^= Pack.littleEndianToLong(input, 8, inLen);
             Pack.longToLittleEndian(x0, output, outOff);
             Pack.longToLittleEndian(x1, output, outOff + 8);
-            inLen -= 8;
             x1 ^= pad(inLen);
         }
         else

core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java

@@ -213,6 +213,7 @@ public void processAADByte(byte in)
         if (++m_bufPos == ASCON_AEAD_RATE)
         {
             processBufferAAD(m_buf, 0);
+            m_bufPos = 0;
         }
     }
 

core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java

@@ -1106,7 +1106,7 @@ private void implTestVectorsEngine(AEADCipher ascon, String path, String filenam
             if (a < 0)
             {
                 int count = Integer.parseInt(map.get("Count"));
-//                if (count != 529)
+//                if (count != 34)
 //                {
 //                    continue;
 //                }