Merge branch 'aead-base-update' into 'main'

Aead base update

See merge request root/bc-java!79

Author: dghgit

core/src/main/java/org/bouncycastle/crypto/engines/AEADBufferBaseEngine.java

@@ -13,9 +13,7 @@ abstract class AEADBufferBaseEngine
     protected enum ProcessingBufferType
     {
         Buffered, // Store a (aad) block size of input and process after the input size exceeds the buffer size
-        BufferedLargeMac, // handle the situation when mac size is larger than the block size, used for pb128
         Immediate, //process the input immediately when the input size is equal or greater than the block size
-        ImmediateLargeMac, // handle the situation when mac size is larger than the block size, used for ascon80pq, ascon128, ISAP_A_128(A)
     }
 
     protected enum AADOperatorType
@@ -65,15 +63,9 @@ protected void setInnerMembers(ProcessingBufferType type, AADOperatorType aadOpe
         case Buffered:
             processor = new BufferedAADProcessor();
             break;
-        case BufferedLargeMac:
-            processor = new BufferedLargeMacAADProcessor();
-            break;
         case Immediate:
             processor = new ImmediateAADProcessor();
             break;
-        case ImmediateLargeMac:
-            processor = new ImmediateLargeMacAADProcessor();
-            break;
         }
 
         m_bufferSizeDecrypt = BlockSize + MAC_SIZE;
@@ -117,16 +109,14 @@ protected interface AADProcessingBuffer
     {
         void processAADByte(byte input);
 
-        int processDecryptBytes(byte[] input, int inOff, int len, byte[] output, int outOff);
-
         int getUpdateOutputSize(int len);
 
         boolean isLengthWithinAvailableSpace(int len, int available);
 
         boolean isLengthExceedingBlockSize(int len, int size);
     }
 
-    private abstract class BufferedBaseAADProcessor
+    private class BufferedAADProcessor
         implements AADProcessingBuffer
     {
         public void processAADByte(byte input)
@@ -159,27 +149,7 @@ public int getUpdateOutputSize(int len)
         }
     }
 
-    private class BufferedAADProcessor
-        extends BufferedBaseAADProcessor
-    {
-        @Override
-        public int processDecryptBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
-        {
-            return processDecryptionWithSmallMacSize(input, inOff, len, output, outOff);
-        }
-    }
-
-    private class BufferedLargeMacAADProcessor
-        extends BufferedBaseAADProcessor
-    {
-        @Override
-        public int processDecryptBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
-        {
-            return processDecryptionWithLargeMacSize(input, inOff, len, output, outOff);
-        }
-    }
-
-    private abstract class ImmediateBaseAADProcessor
+    private class ImmediateAADProcessor
         implements AADProcessingBuffer
     {
         public void processAADByte(byte input)
@@ -211,26 +181,6 @@ public boolean isLengthExceedingBlockSize(int len, int size)
         }
     }
 
-    private class ImmediateAADProcessor
-        extends ImmediateBaseAADProcessor
-    {
-        @Override
-        public int processDecryptBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
-        {
-            return processDecryptionWithSmallMacSize(input, inOff, len, output, outOff);
-        }
-    }
-
-    private class ImmediateLargeMacAADProcessor
-        extends ImmediateBaseAADProcessor
-    {
-        @Override
-        public int processDecryptBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
-        {
-            return processDecryptionWithLargeMacSize(input, inOff, len, output, outOff);
-        }
-    }
-
     protected interface AADOperator
     {
         void processAADByte(byte input);
@@ -359,7 +309,6 @@ public int getLen()
         @Override
         public void reset()
         {
-
         }
     }
 
@@ -516,26 +465,26 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
 
     protected int processEncDecBytes(byte[] input, int inOff, int len, byte[] output, int outOff)
     {
+        boolean forEncryption = checkData(false);
         int available, resultLength;
-        if (checkData(false))
+        available = (forEncryption ? BlockSize : m_bufferSizeDecrypt) - m_bufPos;
+        // The function is just an operator < or <=
+        if (processor.isLengthWithinAvailableSpace(len, available))
+        {
+            System.arraycopy(input, inOff, m_buf, m_bufPos, len);
+            m_bufPos += len;
+            return 0;
+        }
+        resultLength = processor.getUpdateOutputSize(len) + m_bufPos - (forEncryption ? 0 : MAC_SIZE);
+        ensureSufficientOutputBuffer(output, outOff, resultLength - resultLength % BlockSize);
+        resultLength = 0;
+        if (forEncryption)
         {
-            resultLength = 0;
-            available = processor.getUpdateOutputSize(len) + m_bufPos;
-            ensureSufficientOutputBuffer(output, outOff, available - available % BlockSize);
             if (m_bufPos > 0)
             {
-                available = BlockSize - m_bufPos;
-                // The function is just an operator < or <=
-                if (processor.isLengthWithinAvailableSpace(len, available))
-                {
-                    System.arraycopy(input, inOff, m_buf, m_bufPos, len);
-                    m_bufPos += len;
-                    return 0;
-                }
                 System.arraycopy(input, inOff, m_buf, m_bufPos, available);
                 inOff += available;
                 len -= available;
-
                 processBufferEncrypt(m_buf, 0, output, outOff);
                 resultLength = BlockSize;
             }
@@ -550,25 +499,30 @@ protected int processEncDecBytes(byte[] input, int inOff, int len, byte[] output
         }
         else
         {
-            available = m_bufferSizeDecrypt - m_bufPos;
-            if (processor.isLengthWithinAvailableSpace(len, available))
+            // loop will run more than once for the following situation: pb128, ascon80pq, ascon128, ISAP_A_128(A)
+            while (processor.isLengthExceedingBlockSize(m_bufPos, BlockSize)
+                && processor.isLengthExceedingBlockSize(len + m_bufPos, m_bufferSizeDecrypt))
             {
-                System.arraycopy(input, inOff, m_buf, m_bufPos, len);
-                m_bufPos += len;
-                return 0;
+                processBufferDecrypt(m_buf, resultLength, output, outOff + resultLength);
+                m_bufPos -= BlockSize;
+                resultLength += BlockSize;
             }
-            resultLength = (processor.getUpdateOutputSize(len) + m_bufPos - MAC_SIZE);
-            resultLength -= resultLength % BlockSize;
-            ensureSufficientOutputBuffer(output, outOff, resultLength);
-            int originalInOff = inOff;
-            int originalm_bufPos = m_bufPos;
-            if ((inOff = processor.processDecryptBytes(input, inOff, len, output, outOff)) == -1)
+            if (m_bufPos > 0)
             {
-                return resultLength;
+                System.arraycopy(m_buf, resultLength, m_buf, 0, m_bufPos);
+                if (processor.isLengthWithinAvailableSpace(m_bufPos + len, m_bufferSizeDecrypt))
+                {
+                    System.arraycopy(input, inOff, m_buf, m_bufPos, len);
+                    m_bufPos += len;
+                    return resultLength;
+                }
+                available = Math.max(BlockSize - m_bufPos, 0);
+                System.arraycopy(input, inOff, m_buf, m_bufPos, available);
+                inOff += available;
+                len -= available;
+                processBufferDecrypt(m_buf, 0, output, outOff + resultLength);
+                resultLength += BlockSize;
             }
-            resultLength = inOff - originalInOff;
-            len -= resultLength;
-            resultLength += originalm_bufPos;
             while (processor.isLengthExceedingBlockSize(len, m_bufferSizeDecrypt))
             {
                 processBufferDecrypt(input, inOff, output, outOff + resultLength);
@@ -582,65 +536,6 @@ protected int processEncDecBytes(byte[] input, int inOff, int len, byte[] output
         return resultLength;
     }
 
-    private int processDecryptionWithLargeMacSize(byte[] input, int inOff, int len, byte[] output, int outOff)
-    {
-        int resultLength = 0, available;
-        // If the mac size is greater than the block size, process the data in m_buf in the loop until
-        // there is nearly mac_size data left
-        while (processor.isLengthExceedingBlockSize(m_bufPos, BlockSize)
-            && processor.isLengthExceedingBlockSize(len + m_bufPos, m_bufferSizeDecrypt))
-        {
-            processBufferDecrypt(m_buf, resultLength, output, outOff + resultLength);
-            m_bufPos -= BlockSize;
-            resultLength += BlockSize;
-        }
-        if (m_bufPos > 0)
-        {
-            System.arraycopy(m_buf, resultLength, m_buf, 0, m_bufPos);
-            if (processor.isLengthExceedingBlockSize(m_bufPos + len, m_bufferSizeDecrypt))
-            {
-                available = Math.max(BlockSize - m_bufPos, 0);
-                System.arraycopy(input, inOff, m_buf, m_bufPos, available);
-                inOff += available;
-                processBufferDecrypt(m_buf, 0, output, outOff + resultLength);
-            }
-            else
-            {
-                System.arraycopy(input, inOff, m_buf, m_bufPos, len);
-                m_bufPos += len;
-                return -1;
-            }
-        }
-        return inOff;
-    }
-
-    private int processDecryptionWithSmallMacSize(byte[] input, int inOff, int len, byte[] output, int outOff)
-    {
-        int resultLength = 0, available = m_bufferSizeDecrypt - m_bufPos;
-        if (m_bufPos > 0)
-        {
-            if (processor.isLengthExceedingBlockSize(m_bufPos, BlockSize))
-            {
-                processBufferDecrypt(m_buf, 0, output, outOff);
-                m_bufPos -= BlockSize;
-                System.arraycopy(m_buf, BlockSize, m_buf, 0, m_bufPos);
-                resultLength = BlockSize;
-                available += BlockSize;
-                if (processor.isLengthWithinAvailableSpace(len, available))
-                {
-                    System.arraycopy(input, inOff, m_buf, m_bufPos, len);
-                    m_bufPos += len;
-                    return -1;
-                }
-            }
-            available = Math.max(BlockSize - m_bufPos, 0);
-            System.arraycopy(input, inOff, m_buf, m_bufPos, available);
-            inOff += available;
-            processBufferDecrypt(m_buf, 0, output, outOff + resultLength);
-        }
-        return inOff;
-    }
-
     @Override
     public int doFinal(byte[] output, int outOff)
         throws IllegalStateException, InvalidCipherTextException
@@ -663,10 +558,7 @@ public int doFinal(byte[] output, int outOff)
             resultLength = m_bufPos;
         }
 
-        if (outOff > output.length - resultLength)
-        {
-            throw new OutputLengthException("output buffer too short");
-        }
+        ensureSufficientOutputBuffer(output, outOff, resultLength);
         mac = new byte[MAC_SIZE];
         processFinalBlock(output, outOff);
         if (forEncryption)
@@ -684,7 +576,7 @@ public int doFinal(byte[] output, int outOff)
         return resultLength;
     }
 
-    public int getBlockSize()
+    public final int getBlockSize()
     {
         return BlockSize;
     }
@@ -774,7 +666,7 @@ protected boolean checkData(boolean isDoFinal)
 
     protected abstract void finishAAD(State nextState, boolean isDoFinal);
 
-    protected void bufferReset()
+    protected final void bufferReset()
     {
         if (m_buf != null)
         {
@@ -808,23 +700,23 @@ protected void bufferReset()
         dataOperator.reset();
     }
 
-    protected void ensureSufficientOutputBuffer(byte[] output, int outOff, int len)
+    protected final void ensureSufficientOutputBuffer(byte[] output, int outOff, int len)
     {
-        if (len >= BlockSize && outOff + len > output.length)
+        if (outOff + len > output.length)
         {
             throw new OutputLengthException("output buffer too short");
         }
     }
 
-    protected void ensureSufficientInputBuffer(byte[] input, int inOff, int len)
+    protected final void ensureSufficientInputBuffer(byte[] input, int inOff, int len)
     {
         if (inOff + len > input.length)
         {
             throw new DataLengthException("input buffer too short");
         }
     }
 
-    protected void ensureInitialized()
+    protected final void ensureInitialized()
     {
         if (m_state == State.Uninitialized)
         {

core/src/main/java/org/bouncycastle/crypto/engines/AsconEngine.java

@@ -63,7 +63,7 @@ public AsconEngine(AsconParameters asconParameters)
         nr = (BlockSize == 8) ? 6 : 8;
         AADBufferSize = BlockSize;
         dsep = 1L;
-        setInnerMembers(asconParameters == AsconParameters.ascon128a ? ProcessingBufferType.Immediate : ProcessingBufferType.ImmediateLargeMac, AADOperatorType.Default, DataOperatorType.Default);
+        setInnerMembers(ProcessingBufferType.Immediate, AADOperatorType.Default, DataOperatorType.Default);
     }
 
     protected long pad(int i)

core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java

@@ -26,34 +26,29 @@ public enum IsapType
     public ISAPEngine(IsapType isapType)
     {
         KEY_SIZE = IV_SIZE = MAC_SIZE = 16;
-        ProcessingBufferType bufferType;
         switch (isapType)
         {
         case ISAP_A_128A:
             ISAPAEAD = new ISAPAEAD_A_128A();
             algorithmName = "ISAP-A-128A AEAD";
-            bufferType = ProcessingBufferType.ImmediateLargeMac;
             break;
         case ISAP_K_128A:
             ISAPAEAD = new ISAPAEAD_K_128A();
             algorithmName = "ISAP-K-128A AEAD";
-            bufferType = ProcessingBufferType.Immediate;
             break;
         case ISAP_A_128:
             ISAPAEAD = new ISAPAEAD_A_128();
             algorithmName = "ISAP-A-128 AEAD";
-            bufferType = ProcessingBufferType.ImmediateLargeMac;
             break;
         case ISAP_K_128:
             ISAPAEAD = new ISAPAEAD_K_128();
             algorithmName = "ISAP-K-128 AEAD";
-            bufferType = ProcessingBufferType.Immediate;
             break;
         default:
             throw new IllegalArgumentException("Incorrect ISAP parameter");
         }
         AADBufferSize = BlockSize;
-        setInnerMembers(bufferType, AADOperatorType.Default, DataOperatorType.Counter);
+        setInnerMembers(ProcessingBufferType.Immediate, AADOperatorType.Default, DataOperatorType.Counter);
     }
 
     private static final int ISAP_STATE_SZ = 40;

core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java

@@ -72,8 +72,7 @@ public PhotonBeetleEngine(PhotonBeetleParameters pbp)
         STATE_INBYTES = (STATE_INBITS + 7) >>> 3;
         LAST_THREE_BITS_OFFSET = (STATE_INBITS - ((STATE_INBYTES - 1) << 3) - 3);
         algorithmName = "Photon-Beetle AEAD";
-        setInnerMembers(pbp == PhotonBeetleParameters.pb128 ? ProcessingBufferType.Buffered : ProcessingBufferType.BufferedLargeMac,
-            AADOperatorType.Counter, DataOperatorType.Counter);
+        setInnerMembers(ProcessingBufferType.Buffered, AADOperatorType.Counter, DataOperatorType.Counter);
     }
 
     @Override
@@ -117,7 +116,7 @@ protected void finishAAD(State nextState, boolean isDoFinal)
         m_state = nextState;
     }
 
-    public void processFinalAAD()
+    protected void processFinalAAD()
     {
         int aadLen = aadOperator.getLen();
         if (aadLen != 0)

core/src/main/java/org/bouncycastle/crypto/engines/RomulusEngine.java

@@ -855,7 +855,7 @@ static void hirose_128_128_256(byte[] h, byte[] g, byte[] m, int mOff)
     }
 
     @Override
-    public void init(byte[] key, byte[] iv)
+    protected void init(byte[] key, byte[] iv)
         throws IllegalArgumentException
     {
         npub = iv;

core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java

@@ -43,7 +43,7 @@ public XoodyakEngine()
     }
 
     @Override
-    public void init(byte[] key, byte[] iv)
+    protected void init(byte[] key, byte[] iv)
         throws IllegalArgumentException
     {
         K = key;