Update AEAD modes

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java

@@ -224,6 +224,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         {
             throw new DataLengthException("Input buffer too short");
         }
+        if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            in = new byte[len];
+            System.arraycopy(out, inOff, in, 0, len);
+            inOff = 0;
+        }
 
         int resultLen = 0;
 
@@ -384,4 +390,10 @@ private boolean verifyMac(byte[] mac, int off)
 
         return nonEqual == 0;
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }

core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java

@@ -383,7 +383,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         {
             throw new DataLengthException("Input buffer too short");
         }
-
+        if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            in = new byte[len];
+            System.arraycopy(out, inOff, in, 0, len);
+            inOff = 0;
+        }
         int resultLen = 0;
 
         if (forEncryption)
@@ -749,4 +754,10 @@ private void checkStatus()
             throw new IllegalStateException("GCM cipher needs to be initialised");
         }
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }

core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java

@@ -333,7 +333,12 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
             throw new DataLengthException("Input buffer too short");
         }
         int resultLen = 0;
-
+        if (input == output && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            input = new byte[len];
+            System.arraycopy(output, inOff, input, 0, len);
+            inOff = 0;
+        }
         for (int i = 0; i < len; ++i)
         {
             mainBlock[mainBlockPos] = input[inOff + i];
@@ -592,4 +597,10 @@ protected static void xor(byte[] block, byte[] val)
     {
         Bytes.xorTo(16, val, block);
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }

prov/src/test/java/org/bouncycastle/jce/provider/test/BlockCipherTest.java

@@ -50,6 +50,7 @@
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
 import org.bouncycastle.util.test.TestFailedException;
+import org.junit.Assert;
 
 /**
  * basic test class for a block cipher, basically this just exercises the provider, and makes sure we
@@ -850,6 +851,61 @@ else if (algorithm.startsWith("RC5"))
             fail("" + algorithm + " failed encryption - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(bytes)));
         }
 
+        //
+        // Try the doFinal - same input/output same index, index
+        //
+        byte[] data = Arrays.concatenate(input, new byte[2 * in.getBlockSize()]);
+        int len = 0;
+        try
+        {
+            if (algorithm.indexOf("GCM") > 0)
+            {
+                out = Cipher.getInstance(algorithm, "BC");
+                out.init(Cipher.ENCRYPT_MODE, key, rand);
+            }
+
+            len = out.doFinal(data, 0, input.length, data, 0);
+        }
+        catch (Exception e)
+        {
+            Assert.fail(e.toString());
+        }
+
+        if (!Arrays.areEqual(data, 0, len, output, 0, output.length))
+        {
+            Assert.fail("" + algorithm + " failed doFinal - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(data)));
+        }
+
+        //
+        // Try the doFinal - same input/output shifted offset
+        //
+        data = Arrays.concatenate(input, new byte[2 * in.getBlockSize()]);
+        len = 0;
+        try
+        {
+
+            if (algorithm.indexOf("GCM") > 0)
+            {
+                out = Cipher.getInstance(algorithm, "BC");
+                out.init(Cipher.ENCRYPT_MODE, key, rand);
+            }
+
+            len = out.doFinal(data, 0, input.length, data, 1);
+
+//            System.out.println(Hex.toHexString(output));
+//            System.out.println(Hex.toHexString(Arrays.copyOfRange(data, 1, 1 + len)));
+//            System.out.println(len + " " + output.length);
+        }
+        catch (Exception e)
+        {
+            Assert.fail(e.toString());
+        }
+
+        if (!Arrays.areEqual(data, 1, 1 + len, output, 0, output.length))
+        {
+            Assert.fail("" + algorithm + " failed doFinal - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(data)));
+        }
+
         //
         // decryption pass
         //