Merge branch '2103-romulusM-output-length' into 'main'

dghgit · dghgit · commit 8067e71957f8 · 2025-09-09T06:01:09.000Z
Fix Issue #2103 See merge request root/bc-java!112
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AEADBaseEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/AEADBaseEngine.java
@@ -630,6 +630,7 @@ protected class StreamDataOperator
 
         public int processByte(byte input, byte[] output, int outOff)
         {
+            checkData(false);
             ensureInitialized();
             stream.write(input);
             m_bufPos = stream.size();
@@ -639,6 +640,7 @@ public int processByte(byte input, byte[] output, int outOff)
         @Override
         public int processBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
         {
+            checkData(false);
             ensureInitialized();
             stream.write(input, inOff, len);
             m_bufPos = stream.size();
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/RomulusTest.java b/core/src/test/java/org/bouncycastle/crypto/test/RomulusTest.java
@@ -1,16 +1,117 @@
 package org.bouncycastle.crypto.test;
 
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherKeyGenerator;
 import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.digests.RomulusDigest;
 import org.bouncycastle.crypto.engines.RomulusEngine;
 import org.bouncycastle.crypto.modes.AEADCipher;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.test.SimpleTest;
 
 public class RomulusTest
     extends SimpleTest
 {
+    /**
+     * Data length.
+     */
+    private static final int DATALEN = 1025;
+
+    /**
+     * AEAD length.
+     */
+    private static final int AEADLEN = 10;
+
+
+    /**
+     * Check cipher.
+     *
+     * @param pCipher the cipher
+     */
+    private static void checkCipher(final AEADCipher pCipher,
+                                    final int pNonceLen)
+        throws Exception
+    {
+        try
+        {
+            /* Obtain some random data */
+            final byte[] myData = new byte[DATALEN];
+            final SecureRandom myRandom = new SecureRandom();
+            myRandom.nextBytes(myData);
+
+            /* Obtain some random AEAD */
+            final byte[] myAEAD = new byte[AEADLEN];
+            myRandom.nextBytes(myAEAD);
+
+            /* Create the Key parameters */
+            final CipherKeyGenerator myGenerator = new CipherKeyGenerator();
+            final KeyGenerationParameters myGenParams = new KeyGenerationParameters(myRandom, 128);
+            myGenerator.init(myGenParams);
+            final byte[] myKey = myGenerator.generateKey();
+            final KeyParameter myKeyParams = new KeyParameter(myKey);
+
+            /* Create the nonce */
+            final byte[] myNonce = new byte[pNonceLen];
+            myRandom.nextBytes(myNonce);
+            final ParametersWithIV myParams = new ParametersWithIV(myKeyParams, myNonce);
+
+            /* Initialise the cipher for encryption */
+            pCipher.init(true, myParams);
+            final int myMaxOutLen = pCipher.getOutputSize(DATALEN);
+            final byte[] myEncrypted = new byte[myMaxOutLen];
+            //pCipher.processAADBytes(myAEAD, 0, AEADLEN);
+            int myOutLen = pCipher.processBytes(myData, 0, DATALEN, myEncrypted, 0);
+            int myRemaining = pCipher.getOutputSize(0);
+            if (myRemaining + myOutLen < myMaxOutLen)
+            {
+                /*********************************************************************/
+                /* FAILS HERE                                                                                   */
+                /*********************************************************************/
+                System.out.println("Bad outputLength on encryption for " + pCipher.getAlgorithmName());
+            }
+            int myProcessed = pCipher.doFinal(myEncrypted, myOutLen);
+            if (myOutLen + myProcessed != myMaxOutLen)
+            {
+                System.out.println("Bad total on encryption for " + pCipher.getAlgorithmName());
+            }
+
+            /* Note that myOutLen is too large by DATALEN  */
+
+            /* Initialise the cipher for decryption */
+            pCipher.init(false, myParams);
+            final int myMaxClearLen = pCipher.getOutputSize(myMaxOutLen);
+            final byte[] myDecrypted = new byte[myMaxClearLen];
+            //pCipher.processAADBytes(myAEAD, 0, AEADLEN);
+            int myClearLen = pCipher.processBytes(myEncrypted, 0, myEncrypted.length, myDecrypted, 0);
+            myRemaining = pCipher.getOutputSize(0);
+            if (myRemaining + myClearLen < myMaxClearLen)
+            {
+                System.out.println("Bad outputLength on decryption for " + pCipher.getAlgorithmName());
+            }
+            myProcessed = pCipher.doFinal(myDecrypted, myClearLen);
+            if (myClearLen + myProcessed != myMaxClearLen)
+            {
+                System.out.println("Bad total on decryption for " + pCipher.getAlgorithmName());
+            }
+            final byte[] myResult = Arrays.copyOf(myDecrypted, DATALEN);
+
+            /* Check that we have the same result */
+            if (!Arrays.areEqual(myData, myResult))
+            {
+                System.out.println("Cipher " + pCipher.getAlgorithmName() + " failed");
+            }
+        }
+        catch (InvalidCipherTextException e)
+        {
+            throw new RuntimeException(e);
+        }
+    }
+
     public String getName()
     {
         return "Romulus";
@@ -19,6 +120,7 @@ public String getName()
     public void performTest()
         throws Exception
     {
+        checkCipher(new RomulusEngine(RomulusEngine.RomulusParameters.RomulusM), 16);
         DigestTest.implTestVectorsDigest(this, new RomulusDigest(), "crypto/romulus", "LWC_HASH_KAT_256.txt");
         DigestTest.checkDigestReset(this, new RomulusDigest());
         DigestTest.implTestExceptionsAndParametersDigest(this, new RomulusDigest(), 32);
@@ -153,10 +255,10 @@ private void implTestParametersEngine(RomulusEngine cipher, int keySize, int ivS
         }
     }
 
-    public static void main(String[] args)
-    {
-        runTest(new RomulusTest());
-    }
+//    public static void main(String[] args)
+//    {
+//        runTest(new RomulusTest());
+//    }
 }
 
 

Original file line number	Diff line number	Diff line change
`@@ -630,6 +630,7 @@ protected class StreamDataOperator`
`630`	`630`
`631`	`631`	`public int processByte(byte input, byte[] output, int outOff)`
`632`	`632`	`{`
	`633`	`+ checkData(false);`
`633`	`634`	`ensureInitialized();`
`634`	`635`	`stream.write(input);`
`635`	`636`	`m_bufPos = stream.size();`
`@@ -639,6 +640,7 @@ public int processByte(byte input, byte[] output, int outOff)`
`639`	`640`	`@Override`
`640`	`641`	`public int processBytes(byte[] input, int inOff, int len, byte[] output, int outOff)`
`641`	`642`	`{`
	`643`	`+ checkData(false);`
`642`	`644`	`ensureInitialized();`
`643`	`645`	`stream.write(input, inOff, len);`
`644`	`646`	`m_bufPos = stream.size();`