Correct AsconCXof128. Rename AsconAEAD128 and AsconHash256.

gefeili · gefeili · commit 900671b8ba1d · 2024-11-25T14:07:54.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconBaseDigest.java
@@ -130,7 +130,7 @@ public int doFinal(byte[] output, int outOff)
         return hash(output, outOff, CRYPTO_BYTES);
     }
 
-    protected void finishAbsorbing()
+    protected void padAndAbsorb()
     {
         x0 ^= loadBytes(m_buf, 0, m_bufPos);
         x0 ^= pad(m_bufPos);
@@ -158,7 +158,7 @@ protected int hash(byte[] output, int outOff, int outLen)
         {
             throw new OutputLengthException("output buffer is too short");
         }
-        finishAbsorbing();
+        padAndAbsorb();
         /* squeeze full output blocks */
         squeeze(output, outOff, outLen);
         return outLen;
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java
@@ -17,40 +17,43 @@
  * ASM implementations of Ascon (NIST SP 800-232)</a>.
  * </p>
  */
-public class AsconCxof128
+public class AsconCXof128
     extends AsconBaseDigest
     implements Xof
 {
-    private byte[] s;
 
-    public AsconCxof128(byte[] s)
+    private final long z0, z1, z2, z3, z4;
+
+    public AsconCXof128()
     {
-        if (s.length > 2048)
-        {
-            throw new DataLengthException("customized string is too long");
-        }
-        this.s = Arrays.clone(s);
-        reset();
+        this(new byte[0], 0, 0);
     }
 
-    public AsconCxof128(byte[] s, int off, int len)
+    public AsconCXof128(byte[] s)
+    {
+        this(s, 0, s.length);
+    }
+
+    public AsconCXof128(byte[] s, int off, int len)
     {
         if ((off + len) > s.length)
         {
             throw new DataLengthException("input buffer too short");
         }
-        if (len > 2048)
+        if (len > 256)
         {
             throw new DataLengthException("customized string is too long");
         }
-        this.s = Arrays.copyOfRange(s, off, off + len);
-        reset();
+        initState(s, off, len);
+        // NOTE: Cache the initialized state
+        z0 = x0;
+        z1 = x1;
+        z2 = x2;
+        z3 = x3;
+        z4 = x4;
     }
 
-    public AsconCxof128()
-    {
-        reset();
-    }
+
 
     protected long pad(int i)
     {
@@ -90,7 +93,7 @@ public int doOutput(byte[] output, int outOff, int outLen)
         {
             throw new OutputLengthException("output buffer is too short");
         }
-        finishAbsorbing();
+        padAndAbsorb();
         /* squeeze full output blocks */
         squeeze(output, outOff, outLen);
         return outLen;
@@ -108,16 +111,25 @@ public void reset()
     {
         super.reset();
         /* initialize */
+        x0 = z0;
+        x1 = z1;
+        x2 = z2;
+        x3 = z3;
+        x4 = z4;
+    }
+
+    private void initState(byte[] z, int zOff, int zLen)
+    {
         x0 = 7445901275803737603L;
         x1 = 4886737088792722364L;
         x2 = -1616759365661982283L;
         x3 = 3076320316797452470L;
         x4 = -8124743304765850554L;
-        if (s != null)
-        {
-            update(s, 0, s.length);
-            finishAbsorbing();
-        }
+        long bitLength = ((long)zLen) << 3;
+        Pack.longToLittleEndian(bitLength, m_buf, 0);
+        p(12);
+        update(z, zOff, zLen);
+        padAndAbsorb();
     }
 }
 
diff --git a/core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256.java b/core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256.java
@@ -13,10 +13,10 @@
  *  ASM implementations of Ascon (NIST SP 800-232)</a>.
  * </p>
  */
-public class AsconHash256Digest
+public class AsconHash256
     extends AsconBaseDigest
 {
-    public AsconHash256Digest()
+    public AsconHash256()
     {
         reset();
     }
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128.java b/core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128.java
@@ -21,10 +21,10 @@
  *
  * @version 1.3
  */
-public class AsconAEAD128Engine
+public class AsconAEAD128
     extends AsconBaseEngine
 {
-    public AsconAEAD128Engine()
+    public AsconAEAD128()
     {
         CRYPTO_KEYBYTES = 16;
         CRYPTO_ABYTES = 16;
diff --git a/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java b/core/src/test/java/org/bouncycastle/crypto/test/AsconTest.java
@@ -12,12 +12,12 @@
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.Xof;
-import org.bouncycastle.crypto.digests.AsconCxof128;
+import org.bouncycastle.crypto.digests.AsconCXof128;
 import org.bouncycastle.crypto.digests.AsconDigest;
-import org.bouncycastle.crypto.digests.AsconHash256Digest;
+import org.bouncycastle.crypto.digests.AsconHash256;
 import org.bouncycastle.crypto.digests.AsconXof;
 import org.bouncycastle.crypto.digests.AsconXof128;
-import org.bouncycastle.crypto.engines.AsconAEAD128Engine;
+import org.bouncycastle.crypto.engines.AsconAEAD128;
 import org.bouncycastle.crypto.engines.AsconEngine;
 import org.bouncycastle.crypto.modes.AEADCipher;
 import org.bouncycastle.crypto.params.AEADParameters;
@@ -96,7 +96,7 @@ public void performTest()
             @Override
             public AEADCipher CreateInstace()
             {
-                return new AsconAEAD128Engine();
+                return new AsconAEAD128();
             }
         });
 
@@ -127,10 +127,10 @@ public AEADCipher CreateInstace()
             }
         });
 
-        DigestTest.checkDigestReset(this, new AsconHash256Digest());
+        DigestTest.checkDigestReset(this, new AsconHash256());
         DigestTest.checkDigestReset(this, new AsconXof128());
-        DigestTest.checkDigestReset(this, new AsconCxof128());
-        DigestTest.checkDigestReset(this, new AsconCxof128());
+        DigestTest.checkDigestReset(this, new AsconCXof128());
+        DigestTest.checkDigestReset(this, new AsconCXof128());
         DigestTest.checkDigestReset(this, new AsconXof(AsconXof.AsconParameters.AsconXof));
         DigestTest.checkDigestReset(this, new AsconXof(AsconXof.AsconParameters.AsconXofA));
         DigestTest.checkDigestReset(this, new AsconDigest(AsconDigest.AsconParameters.AsconHash));
@@ -184,7 +184,7 @@ public void testBufferingEngine_asconaead128()
             @Override
             public AEADCipher createEngine()
             {
-                return new AsconAEAD128Engine();
+                return new AsconAEAD128();
             }
         });
     }
@@ -223,7 +223,7 @@ public void testExceptionsDigest_AsconHash256()
             @Override
             public ExtendedDigest createDigest()
             {
-                return new AsconHash256Digest();
+                return new AsconHash256();
             }
         });
     }
@@ -275,7 +275,7 @@ public void testExceptionsEngine_asconaead128()
             @Override
             public AEADCipher createEngine()
             {
-                return new AsconAEAD128Engine();
+                return new AsconAEAD128();
             }
         });
     }
@@ -327,7 +327,7 @@ public void testExceptionsXof_AsconCxof128()
             @Override
             public ExtendedDigest createDigest()
             {
-                return new AsconCxof128();
+                return new AsconCXof128();
             }
         });
     }
@@ -366,7 +366,7 @@ public void testParametersDigest_AsconHash256()
             @Override
             public ExtendedDigest createDigest()
             {
-                return new AsconHash256Digest();
+                return new AsconHash256();
             }
         }, 32);
     }
@@ -418,7 +418,7 @@ public void testParametersEngine_asconaead128()
             @Override
             public AEADCipher createEngine()
             {
-                return new AsconAEAD128Engine();
+                return new AsconAEAD128();
             }
         }, 16, 16, 16);
     }
@@ -456,7 +456,7 @@ public void testParametersXof_AsconCxof128()
             @Override
             public ExtendedDigest createDigest()
             {
-                return new AsconCxof128();
+                return new AsconCXof128();
             }
         }, 32);
     }
@@ -494,13 +494,13 @@ public void testVectorsEngine_ascon80pq()
     public void testVectorsEngine_asconaead128()
         throws Exception
     {
-        implTestVectorsEngine(new AsconAEAD128Engine(), "crypto/ascon/asconaead128", "128_128");
+        implTestVectorsEngine(new AsconAEAD128(), "crypto/ascon/asconaead128", "128_128");
     }
 
     public void testVectorsDigest_AsconHash256()
         throws Exception
     {
-        implTestVectorsDigest(new AsconHash256Digest(), "crypto/ascon/asconhash256", "LWC_HASH_KAT_256");
+        implTestVectorsDigest(new AsconHash256(), "crypto/ascon/asconhash256", "LWC_HASH_KAT_256");
     }
 
     public void testVectorsXof_AsconXof128()
@@ -653,8 +653,8 @@ private void implTestExceptionsEngine(CreateEngine operator)
         }
         else
         {
-            keySize = ((AsconAEAD128Engine)ascon).getKeyBytesSize();
-            ivSize = ((AsconAEAD128Engine)ascon).getIVBytesSize();
+            keySize = ((AsconAEAD128)ascon).getKeyBytesSize();
+            ivSize = ((AsconAEAD128)ascon).getIVBytesSize();
         }
 
         int offset;
@@ -1009,8 +1009,8 @@ private void implTestParametersEngine(CreateEngine operator, int keySize, int iv
         }
         else
         {
-            keySize2 = ((AsconAEAD128Engine)ascon).getKeyBytesSize();
-            ivSize2 = ((AsconAEAD128Engine)ascon).getIVBytesSize();
+            keySize2 = ((AsconAEAD128)ascon).getKeyBytesSize();
+            ivSize2 = ((AsconAEAD128)ascon).getIVBytesSize();
         }
         if (keySize2 != keySize)
         {
@@ -1221,8 +1221,8 @@ private static void initEngine(AEADCipher ascon, boolean forEncryption)
         }
         else
         {
-            keySize = ((AsconAEAD128Engine)ascon).getKeyBytesSize();
-            ivSize = ((AsconAEAD128Engine)ascon).getIVBytesSize();
+            keySize = ((AsconAEAD128)ascon).getKeyBytesSize();
+            ivSize = ((AsconAEAD128)ascon).getIVBytesSize();
         }
         int macSize = ivSize * 8;
 

Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ public int doFinal(byte[] output, int outOff)`
`130`	`130`	`return hash(output, outOff, CRYPTO_BYTES);`
`131`	`131`	`}`
`132`	`132`
`133`		`- protected void finishAbsorbing()`
	`133`	`+ protected void padAndAbsorb()`
`134`	`134`	`{`
`135`	`135`	`x0 ^= loadBytes(m_buf, 0, m_bufPos);`
`136`	`136`	`x0 ^= pad(m_bufPos);`
`@@ -158,7 +158,7 @@ protected int hash(byte[] output, int outOff, int outLen)`
`158`	`158`	`{`
`159`	`159`	`throw new OutputLengthException("output buffer is too short");`
`160`	`160`	`}`
`161`		`- finishAbsorbing();`
	`161`	`+ padAndAbsorb();`
`162`	`162`	`/* squeeze full output blocks */`
`163`	`163`	`squeeze(output, outOff, outLen);`
`164`	`164`	`return outLen;`
Original file line number	Diff line number	Diff line change
`@@ -13,10 +13,10 @@`
`13`	`13`	`* ASM implementations of Ascon (NIST SP 800-232)</a>.`
`14`	`14`	`* </p>`
`15`	`15`	`*/`
`16`		`-public class AsconHash256Digest`
	`16`	`+public class AsconHash256`
`17`	`17`	`extends AsconBaseDigest`
`18`	`18`	`{`
`19`		`- public AsconHash256Digest()`
	`19`	`+ public AsconHash256()`
`20`	`20`	`{`
`21`	`21`	`reset();`
`22`	`22`	`}`
Original file line number	Diff line number	Diff line change
`@@ -21,10 +21,10 @@`
`21`	`21`	`*`
`22`	`22`	`* @version 1.3`
`23`	`23`	`*/`
`24`		`-public class AsconAEAD128Engine`
	`24`	`+public class AsconAEAD128`
`25`	`25`	`extends AsconBaseEngine`
`26`	`26`	`{`
`27`		`- public AsconAEAD128Engine()`
	`27`	`+ public AsconAEAD128()`
`28`	`28`	`{`
`29`	`29`	`CRYPTO_KEYBYTES = 16;`
`30`	`30`	`CRYPTO_ABYTES = 16;`
Original file line number	Diff line number	Diff line change
`@@ -12,12 +12,12 @@`
`12`	`12`	`import org.bouncycastle.crypto.InvalidCipherTextException;`
`13`	`13`	`import org.bouncycastle.crypto.OutputLengthException;`
`14`	`14`	`import org.bouncycastle.crypto.Xof;`
`15`		`-import org.bouncycastle.crypto.digests.AsconCxof128;`
	`15`	`+import org.bouncycastle.crypto.digests.AsconCXof128;`
`16`	`16`	`import org.bouncycastle.crypto.digests.AsconDigest;`
`17`		`-import org.bouncycastle.crypto.digests.AsconHash256Digest;`
	`17`	`+import org.bouncycastle.crypto.digests.AsconHash256;`
`18`	`18`	`import org.bouncycastle.crypto.digests.AsconXof;`
`19`	`19`	`import org.bouncycastle.crypto.digests.AsconXof128;`
`20`		`-import org.bouncycastle.crypto.engines.AsconAEAD128Engine;`
	`20`	`+import org.bouncycastle.crypto.engines.AsconAEAD128;`
`21`	`21`	`import org.bouncycastle.crypto.engines.AsconEngine;`
`22`	`22`	`import org.bouncycastle.crypto.modes.AEADCipher;`
`23`	`23`	`import org.bouncycastle.crypto.params.AEADParameters;`
`@@ -96,7 +96,7 @@ public void performTest()`
`96`	`96`	`@Override`
`97`	`97`	`public AEADCipher CreateInstace()`
`98`	`98`	`{`
`99`		`- return new AsconAEAD128Engine();`
	`99`	`+ return new AsconAEAD128();`
`100`	`100`	`}`
`101`	`101`	`});`
`102`	`102`
`@@ -127,10 +127,10 @@ public AEADCipher CreateInstace()`
`127`	`127`	`}`
`128`	`128`	`});`
`129`	`129`
`130`		`- DigestTest.checkDigestReset(this, new AsconHash256Digest());`
	`130`	`+ DigestTest.checkDigestReset(this, new AsconHash256());`
`131`	`131`	`DigestTest.checkDigestReset(this, new AsconXof128());`
`132`		`- DigestTest.checkDigestReset(this, new AsconCxof128());`
`133`		`- DigestTest.checkDigestReset(this, new AsconCxof128());`
	`132`	`+ DigestTest.checkDigestReset(this, new AsconCXof128());`
	`133`	`+ DigestTest.checkDigestReset(this, new AsconCXof128());`
`134`	`134`	`DigestTest.checkDigestReset(this, new AsconXof(AsconXof.AsconParameters.AsconXof));`
`135`	`135`	`DigestTest.checkDigestReset(this, new AsconXof(AsconXof.AsconParameters.AsconXofA));`
`136`	`136`	`DigestTest.checkDigestReset(this, new AsconDigest(AsconDigest.AsconParameters.AsconHash));`
`@@ -184,7 +184,7 @@ public void testBufferingEngine_asconaead128()`
`184`	`184`	`@Override`
`185`	`185`	`public AEADCipher createEngine()`
`186`	`186`	`{`
`187`		`- return new AsconAEAD128Engine();`
	`187`	`+ return new AsconAEAD128();`
`188`	`188`	`}`
`189`	`189`	`});`
`190`	`190`	`}`
`@@ -223,7 +223,7 @@ public void testExceptionsDigest_AsconHash256()`
`223`	`223`	`@Override`
`224`	`224`	`public ExtendedDigest createDigest()`
`225`	`225`	`{`
`226`		`- return new AsconHash256Digest();`
	`226`	`+ return new AsconHash256();`
`227`	`227`	`}`
`228`	`228`	`});`
`229`	`229`	`}`
`@@ -275,7 +275,7 @@ public void testExceptionsEngine_asconaead128()`
`275`	`275`	`@Override`
`276`	`276`	`public AEADCipher createEngine()`
`277`	`277`	`{`
`278`		`- return new AsconAEAD128Engine();`
	`278`	`+ return new AsconAEAD128();`
`279`	`279`	`}`
`280`	`280`	`});`
`281`	`281`	`}`
`@@ -327,7 +327,7 @@ public void testExceptionsXof_AsconCxof128()`
`327`	`327`	`@Override`
`328`	`328`	`public ExtendedDigest createDigest()`
`329`	`329`	`{`
`330`		`- return new AsconCxof128();`
	`330`	`+ return new AsconCXof128();`
`331`	`331`	`}`
`332`	`332`	`});`
`333`	`333`	`}`
`@@ -366,7 +366,7 @@ public void testParametersDigest_AsconHash256()`
`366`	`366`	`@Override`
`367`	`367`	`public ExtendedDigest createDigest()`
`368`	`368`	`{`
`369`		`- return new AsconHash256Digest();`
	`369`	`+ return new AsconHash256();`
`370`	`370`	`}`
`371`	`371`	`}, 32);`
`372`	`372`	`}`
`@@ -418,7 +418,7 @@ public void testParametersEngine_asconaead128()`
`418`	`418`	`@Override`
`419`	`419`	`public AEADCipher createEngine()`
`420`	`420`	`{`
`421`		`- return new AsconAEAD128Engine();`
	`421`	`+ return new AsconAEAD128();`
`422`	`422`	`}`
`423`	`423`	`}, 16, 16, 16);`
`424`	`424`	`}`
`@@ -456,7 +456,7 @@ public void testParametersXof_AsconCxof128()`
`456`	`456`	`@Override`
`457`	`457`	`public ExtendedDigest createDigest()`
`458`	`458`	`{`
`459`		`- return new AsconCxof128();`
	`459`	`+ return new AsconCXof128();`
`460`	`460`	`}`
`461`	`461`	`}, 32);`
`462`	`462`	`}`
`@@ -494,13 +494,13 @@ public void testVectorsEngine_ascon80pq()`
`494`	`494`	`public void testVectorsEngine_asconaead128()`
`495`	`495`	`throws Exception`
`496`	`496`	`{`
`497`		`- implTestVectorsEngine(new AsconAEAD128Engine(), "crypto/ascon/asconaead128", "128_128");`
	`497`	`+ implTestVectorsEngine(new AsconAEAD128(), "crypto/ascon/asconaead128", "128_128");`
`498`	`498`	`}`
`499`	`499`
`500`	`500`	`public void testVectorsDigest_AsconHash256()`
`501`	`501`	`throws Exception`
`502`	`502`	`{`
`503`		`- implTestVectorsDigest(new AsconHash256Digest(), "crypto/ascon/asconhash256", "LWC_HASH_KAT_256");`
	`503`	`+ implTestVectorsDigest(new AsconHash256(), "crypto/ascon/asconhash256", "LWC_HASH_KAT_256");`
`504`	`504`	`}`
`505`	`505`
`506`	`506`	`public void testVectorsXof_AsconXof128()`
`@@ -653,8 +653,8 @@ private void implTestExceptionsEngine(CreateEngine operator)`
`653`	`653`	`}`
`654`	`654`	`else`
`655`	`655`	`{`
`656`		`- keySize = ((AsconAEAD128Engine)ascon).getKeyBytesSize();`
`657`		`- ivSize = ((AsconAEAD128Engine)ascon).getIVBytesSize();`
	`656`	`+ keySize = ((AsconAEAD128)ascon).getKeyBytesSize();`
	`657`	`+ ivSize = ((AsconAEAD128)ascon).getIVBytesSize();`
`658`	`658`	`}`
`659`	`659`
`660`	`660`	`int offset;`
`@@ -1009,8 +1009,8 @@ private void implTestParametersEngine(CreateEngine operator, int keySize, int iv`
`1009`	`1009`	`}`
`1010`	`1010`	`else`
`1011`	`1011`	`{`
`1012`		`- keySize2 = ((AsconAEAD128Engine)ascon).getKeyBytesSize();`
`1013`		`- ivSize2 = ((AsconAEAD128Engine)ascon).getIVBytesSize();`
	`1012`	`+ keySize2 = ((AsconAEAD128)ascon).getKeyBytesSize();`
	`1013`	`+ ivSize2 = ((AsconAEAD128)ascon).getIVBytesSize();`
`1014`	`1014`	`}`
`1015`	`1015`	`if (keySize2 != keySize)`
`1016`	`1016`	`{`
`@@ -1221,8 +1221,8 @@ private static void initEngine(AEADCipher ascon, boolean forEncryption)`
`1221`	`1221`	`}`
`1222`	`1222`	`else`
`1223`	`1223`	`{`
`1224`		`- keySize = ((AsconAEAD128Engine)ascon).getKeyBytesSize();`
`1225`		`- ivSize = ((AsconAEAD128Engine)ascon).getIVBytesSize();`
	`1224`	`+ keySize = ((AsconAEAD128)ascon).getKeyBytesSize();`
	`1225`	`+ ivSize = ((AsconAEAD128)ascon).getIVBytesSize();`
`1226`	`1226`	`}`
`1227`	`1227`	`int macSize = ivSize * 8;`
`1228`	`1228`