Merge branch 'io-overlap-dbbc-child' into 'main'

dghgit · dghgit · commit 7f073f76ff30 · 2025-04-20T08:19:46.000Z
Io overlap dbbc child

See merge request root/bc-java!87
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/ChaCha20Poly1305.java b/core/src/main/java/org/bouncycastle/crypto/modes/ChaCha20Poly1305.java
@@ -307,6 +307,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) t
         {
             throw new IllegalArgumentException("'outOff' cannot be negative");
         }
+        if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            in = new byte[len];
+            System.arraycopy(out, inOff, in, 0, len);
+            inOff = 0;
+        }
 
         checkData();
 
@@ -611,4 +617,10 @@ private void reset(boolean clearMac, boolean resetCipher)
             processAADBytes(initialAAD, 0, initialAAD.length);
         }
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java
@@ -224,6 +224,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         {
             throw new DataLengthException("Input buffer too short");
         }
+        if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            in = new byte[len];
+            System.arraycopy(out, inOff, in, 0, len);
+            inOff = 0;
+        }
 
         int resultLen = 0;
 
@@ -384,4 +390,10 @@ private boolean verifyMac(byte[] mac, int off)
 
         return nonEqual == 0;
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
@@ -383,7 +383,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)
         {
             throw new DataLengthException("Input buffer too short");
         }
-
+        if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            in = new byte[len];
+            System.arraycopy(out, inOff, in, 0, len);
+            inOff = 0;
+        }
         int resultLen = 0;
 
         if (forEncryption)
@@ -749,4 +754,10 @@ private void checkStatus()
             throw new IllegalStateException("GCM cipher needs to be initialised");
         }
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/OCBBlockCipher.java
@@ -333,7 +333,12 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
             throw new DataLengthException("Input buffer too short");
         }
         int resultLen = 0;
-
+        if (input == output && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))
+        {
+            input = new byte[len];
+            System.arraycopy(output, inOff, input, 0, len);
+            inOff = 0;
+        }
         for (int i = 0; i < len; ++i)
         {
             mainBlock[mainBlockPos] = input[inOff + i];
@@ -592,4 +597,10 @@ protected static void xor(byte[] block, byte[] val)
     {
         Bytes.xorTo(16, val, block);
     }
+
+    protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)
+    {
+        // please ensure a valid check for inLen > 0 and outLen > 0 outside this function
+        return inOff <= outOff + outLen && outOff <= inOff + inLen;
+    }
 }
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/ChaCha20Poly1305Test.java b/core/src/test/java/org/bouncycastle/crypto/test/ChaCha20Poly1305Test.java
@@ -3,10 +3,13 @@
 import java.security.SecureRandom;
 
 import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.macs.SipHash;
+import org.bouncycastle.crypto.modes.CTSBlockCipher;
 import org.bouncycastle.crypto.modes.ChaCha20Poly1305;
 import org.bouncycastle.crypto.params.AEADParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Strings;
 import org.bouncycastle.util.Times;
 import org.bouncycastle.util.encoders.Hex;
@@ -48,6 +51,7 @@ public String getName()
 
     public void performTest() throws Exception
     {
+        testOverlapping();
         for (int i = 0; i < TEST_VECTORS.length; ++i)
         {
             runTestCase(TEST_VECTORS[i]);
@@ -439,6 +443,55 @@ private void testExceptions() throws InvalidCipherTextException
         }
     }
 
+    private void testOverlapping()
+        throws Exception
+    {
+        SecureRandom random = new SecureRandom();
+        int kLength = 32;
+        byte[] K = new byte[kLength];
+        random.nextBytes(K);
+
+        int aLength = random.nextInt() >>> 24;
+        byte[] A = new byte[aLength];
+        random.nextBytes(A);
+
+        int nonceLength = 12;
+        byte[] nonce = new byte[nonceLength];
+        random.nextBytes(nonce);
+
+        AEADParameters parameters = new AEADParameters(new KeyParameter(K), 16 * 8, nonce, A);
+
+        ChaCha20Poly1305 bc = initCipher(true, parameters);
+
+        final int blockSize = 64;
+        int offset = 1 + random.nextInt(blockSize - 1) + blockSize;
+        byte[] data = new byte[blockSize * 4 + offset];
+        byte[] expected = new byte[bc.getOutputSize(blockSize * 3)];
+        random.nextBytes(data);
+
+
+        int len = bc.processBytes(data, 0, blockSize * 3, expected, 0);
+        bc.doFinal(expected, len);
+        bc = initCipher(true, parameters);
+        len = bc.processBytes(data, 0, blockSize * 3, data, offset);
+        bc.doFinal(data, offset + len);
+
+        if (!areEqual(expected, Arrays.copyOfRange(data, offset, offset + expected.length)))
+        {
+            fail("failed to overlapping of encryption");
+        }
+
+        bc = initCipher(false, parameters);
+        bc.processBytes(data, 0, expected.length, expected, 0);
+        bc = initCipher(true, parameters);
+        bc.processBytes(data, 0, expected.length, data, offset);
+
+        if (!areEqual(expected, Arrays.copyOfRange(data, offset, offset + expected.length)))
+        {
+            fail("failed to overlapping of encryption");
+        }
+    }
+
     public static void main(String[] args)
     {
         runTest(new ChaCha20Poly1305Test());
diff --git a/prov/src/test/java/org/bouncycastle/jce/provider/test/BlockCipherTest.java b/prov/src/test/java/org/bouncycastle/jce/provider/test/BlockCipherTest.java
@@ -50,6 +50,7 @@
 import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.test.SimpleTest;
 import org.bouncycastle.util.test.TestFailedException;
+import org.junit.Assert;
 
 /**
  * basic test class for a block cipher, basically this just exercises the provider, and makes sure we
@@ -850,6 +851,61 @@ else if (algorithm.startsWith("RC5"))
             fail("" + algorithm + " failed encryption - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(bytes)));
         }
 
+        //
+        // Try the doFinal - same input/output same index, index
+        //
+        byte[] data = Arrays.concatenate(input, new byte[2 * in.getBlockSize()]);
+        int len = 0;
+        try
+        {
+            if (algorithm.indexOf("GCM") > 0)
+            {
+                out = Cipher.getInstance(algorithm, "BC");
+                out.init(Cipher.ENCRYPT_MODE, key, rand);
+            }
+
+            len = out.doFinal(data, 0, input.length, data, 0);
+        }
+        catch (Exception e)
+        {
+            Assert.fail(e.toString());
+        }
+
+        if (!Arrays.areEqual(data, 0, len, output, 0, output.length))
+        {
+            Assert.fail("" + algorithm + " failed doFinal - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(data)));
+        }
+
+        //
+        // Try the doFinal - same input/output shifted offset
+        //
+        data = Arrays.concatenate(input, new byte[2 * in.getBlockSize()]);
+        len = 0;
+        try
+        {
+
+            if (algorithm.indexOf("GCM") > 0)
+            {
+                out = Cipher.getInstance(algorithm, "BC");
+                out.init(Cipher.ENCRYPT_MODE, key, rand);
+            }
+
+            len = out.doFinal(data, 0, input.length, data, 1);
+
+//            System.out.println(Hex.toHexString(output));
+//            System.out.println(Hex.toHexString(Arrays.copyOfRange(data, 1, 1 + len)));
+//            System.out.println(len + " " + output.length);
+        }
+        catch (Exception e)
+        {
+            Assert.fail(e.toString());
+        }
+
+        if (!Arrays.areEqual(data, 1, 1 + len, output, 0, output.length))
+        {
+            Assert.fail("" + algorithm + " failed doFinal - expected " + new String(Hex.encode(output)) + " got " + new String(Hex.encode(data)));
+        }
+
         //
         // decryption pass
         //

Original file line number	Diff line number	Diff line change
`@@ -307,6 +307,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff) t`
`307`	`307`	`{`
`308`	`308`	`throw new IllegalArgumentException("'outOff' cannot be negative");`
`309`	`309`	`}`
	`310`	`+ if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))`
	`311`	`+ {`
	`312`	`+ in = new byte[len];`
	`313`	`+ System.arraycopy(out, inOff, in, 0, len);`
	`314`	`+ inOff = 0;`
	`315`	`+ }`
`310`	`316`
`311`	`317`	`checkData();`
`312`	`318`
`@@ -611,4 +617,10 @@ private void reset(boolean clearMac, boolean resetCipher)`
`611`	`617`	`processAADBytes(initialAAD, 0, initialAAD.length);`
`612`	`618`	`}`
`613`	`619`	`}`
	`620`	`+`
	`621`	`+ protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)`
	`622`	`+ {`
	`623`	`+ // please ensure a valid check for inLen > 0 and outLen > 0 outside this function`
	`624`	`+ return inOff <= outOff + outLen && outOff <= inOff + inLen;`
	`625`	`+ }`
`614`	`626`	`}`
Original file line number	Diff line number	Diff line change
`@@ -224,6 +224,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)`
`224`	`224`	`{`
`225`	`225`	`throw new DataLengthException("Input buffer too short");`
`226`	`226`	`}`
	`227`	`+ if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))`
	`228`	`+ {`
	`229`	`+ in = new byte[len];`
	`230`	`+ System.arraycopy(out, inOff, in, 0, len);`
	`231`	`+ inOff = 0;`
	`232`	`+ }`
`227`	`233`
`228`	`234`	`int resultLen = 0;`
`229`	`235`
`@@ -384,4 +390,10 @@ private boolean verifyMac(byte[] mac, int off)`
`384`	`390`
`385`	`391`	`return nonEqual == 0;`
`386`	`392`	`}`
	`393`	`+`
	`394`	`+ protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)`
	`395`	`+ {`
	`396`	`+ // please ensure a valid check for inLen > 0 and outLen > 0 outside this function`
	`397`	`+ return inOff <= outOff + outLen && outOff <= inOff + inLen;`
	`398`	`+ }`
`387`	`399`	`}`
Original file line number	Diff line number	Diff line change
`@@ -383,7 +383,12 @@ public int processBytes(byte[] in, int inOff, int len, byte[] out, int outOff)`
`383`	`383`	`{`
`384`	`384`	`throw new DataLengthException("Input buffer too short");`
`385`	`385`	`}`
`386`		`-`
	`386`	`+ if (in == out && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))`
	`387`	`+ {`
	`388`	`+ in = new byte[len];`
	`389`	`+ System.arraycopy(out, inOff, in, 0, len);`
	`390`	`+ inOff = 0;`
	`391`	`+ }`
`387`	`392`	`int resultLen = 0;`
`388`	`393`
`389`	`394`	`if (forEncryption)`
`@@ -749,4 +754,10 @@ private void checkStatus()`
`749`	`754`	`throw new IllegalStateException("GCM cipher needs to be initialised");`
`750`	`755`	`}`
`751`	`756`	`}`
	`757`	`+`
	`758`	`+ protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)`
	`759`	`+ {`
	`760`	`+ // please ensure a valid check for inLen > 0 and outLen > 0 outside this function`
	`761`	`+ return inOff <= outOff + outLen && outOff <= inOff + inLen;`
	`762`	`+ }`
`752`	`763`	`}`
Original file line number	Diff line number	Diff line change
`@@ -333,7 +333,12 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out`
`333`	`333`	`throw new DataLengthException("Input buffer too short");`
`334`	`334`	`}`
`335`	`335`	`int resultLen = 0;`
`336`		`-`
	`336`	`+ if (input == output && segmentsOverlap(inOff, len, outOff, getUpdateOutputSize(len)))`
	`337`	`+ {`
	`338`	`+ input = new byte[len];`
	`339`	`+ System.arraycopy(output, inOff, input, 0, len);`
	`340`	`+ inOff = 0;`
	`341`	`+ }`
`337`	`342`	`for (int i = 0; i < len; ++i)`
`338`	`343`	`{`
`339`	`344`	`mainBlock[mainBlockPos] = input[inOff + i];`
`@@ -592,4 +597,10 @@ protected static void xor(byte[] block, byte[] val)`
`592`	`597`	`{`
`593`	`598`	`Bytes.xorTo(16, val, block);`
`594`	`599`	`}`
	`600`	`+`
	`601`	`+ protected boolean segmentsOverlap(int inOff, int inLen, int outOff, int outLen)`
	`602`	`+ {`
	`603`	`+ // please ensure a valid check for inLen > 0 and outLen > 0 outside this function`
	`604`	`+ return inOff <= outOff + outLen && outOff <= inOff + inLen;`
	`605`	`+ }`
`595`	`606`	`}`