Refactor ElephantEngine xorTo

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/engines/ElephantEngine.java

@@ -343,11 +343,9 @@ private void computerCipherBlock(byte[] input, int inOff, int blockSize, byte[]
     {
         System.arraycopy(npub, 0, buffer, 0, IV_SIZE);
         Arrays.fill(buffer, IV_SIZE, BlockSize, (byte)0);
-        Bytes.xorTo(BlockSize, current_mask, buffer);
-        Bytes.xorTo(BlockSize, next_mask, buffer);
+        xorTo(BlockSize, current_mask, next_mask, buffer);
         instance.permutation(buffer);
-        Bytes.xorTo(BlockSize, current_mask, buffer);
-        Bytes.xorTo(BlockSize, next_mask, buffer);
+        xorTo(BlockSize, current_mask, next_mask, buffer);
 
         Bytes.xorTo(blockSize, input, inOff, buffer);
         System.arraycopy(buffer, 0, output, outOff, blockSize);
@@ -372,11 +370,9 @@ private void absorbAAD()
 
     private void absorbCiphertext()
     {
-        Bytes.xorTo(BlockSize, previous_mask, buffer);
-        Bytes.xorTo(BlockSize, next_mask, buffer);
+        xorTo(BlockSize, previous_mask, next_mask, buffer);
         instance.permutation(buffer);
-        Bytes.xorTo(BlockSize, previous_mask, buffer);
-        Bytes.xorTo(BlockSize, next_mask, buffer);
+        xorTo(BlockSize, previous_mask, next_mask, buffer);
         Bytes.xorTo(BlockSize, buffer, tag_buffer);
     }
 
@@ -601,7 +597,7 @@ private void processBytes(byte[] m, byte[] output, int outOff, int nb_it, int nb
                 // If clen is divisible by BLOCK_SIZE, add an additional padding block
                 if (block_offset == mlen)
                 {
-                    Arrays.fill(buffer, 0, BlockSize, (byte)0);
+                    Arrays.fill(buffer, 1, BlockSize, (byte)0);
                     buffer[0] = 0x01;
                 }
                 else
@@ -637,4 +633,12 @@ private void processBytes(byte[] m, byte[] output, int outOff, int nb_it, int nb
         }
         nb_its = i;
     }
+
+    public static void xorTo(int len, byte[] x, byte[] y, byte[] z)
+    {
+        for (int i = 0; i < len; ++i)
+        {
+            z[i] ^= x[i] ^ y[i];
+        }
+    }
 }

core/src/main/java/org/bouncycastle/crypto/engines/GiftCofbEngine.java

@@ -17,7 +17,7 @@ public class GiftCofbEngine
     private byte[] input;
     private byte[] offset;
     /*Round constants*/
-    private final byte[] GIFT_RC = {
+    private static final byte[] GIFT_RC = {
         (byte)0x01, (byte)0x03, (byte)0x07, (byte)0x0F, (byte)0x1F, (byte)0x3E, (byte)0x3D, (byte)0x3B, (byte)0x37, (byte)0x2F,
         (byte)0x1E, (byte)0x3C, (byte)0x39, (byte)0x33, (byte)0x27, (byte)0x0E, (byte)0x1D, (byte)0x3A, (byte)0x35, (byte)0x2B,
         (byte)0x16, (byte)0x2C, (byte)0x18, (byte)0x30, (byte)0x21, (byte)0x02, (byte)0x05, (byte)0x0B, (byte)0x17, (byte)0x2E,
@@ -28,7 +28,7 @@ public GiftCofbEngine()
     {
         AADBufferSize = BlockSize = MAC_SIZE = IV_SIZE = KEY_SIZE = 16;
         algorithmName = "GIFT-COFB AEAD";
-        setInnerMembers(ProcessingBufferType.Buffered, AADOperatorType.Counter, DataOperatorType.Counter);
+        setInnerMembers(ProcessingBufferType.Buffered, AADOperatorType.Default, DataOperatorType.Counter);
     }
 
     private int rowperm(int S, int B0_pos, int B1_pos, int B2_pos, int B3_pos)
@@ -205,8 +205,7 @@ protected void processFinalAAD()
         /* full byte[]: offset = 3*offset */
         /* partial byte[]: offset = 3^2*offset */
         triple_half_block(offset, offset);
-        int aadLen = aadOperator.getLen();
-        if (((aadLen & 15) != 0) || m_state == State.DecInit || m_state == State.EncInit)
+        if (((m_aadPos & 15) != 0) || m_state == State.DecInit || m_state == State.EncInit)
         {
             triple_half_block(offset, offset);
         }

core/src/main/java/org/bouncycastle/crypto/engines/RomulusEngine.java

@@ -442,7 +442,6 @@ public void processBufferDecrypt(byte[] input, int inOff, byte[] output, int out
         @Override
         public void reset()
         {
-            Arrays.clear(CNT);
             Arrays.clear(s);
             reset_lfsr_gf56(CNT);
             twist = true;
@@ -622,15 +621,14 @@ public void processBufferDecrypt(byte[] input, int inOff, byte[] output, int out
         @Override
         public void reset()
         {
-            Arrays.clear(Z);
             Arrays.clear(h);
             Arrays.clear(g);
             Arrays.clear(LR);
             Arrays.clear(T);
             Arrays.clear(S);
             Arrays.clear(CNT_Z);
             reset_lfsr_gf56(CNT);
-            System.arraycopy(npub, 0, Z, 0, 16);
+            System.arraycopy(npub, 0, Z, 0, IV_SIZE);
             block_cipher(Z, k, T, 0, CNT_Z, (byte)66);
             reset_lfsr_gf56(CNT_Z);
         }