move getMac to AEADBaseEngine, fix the bug related to Grain128AEADEngine

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/engines/AEADBaseEngine.java

@@ -18,6 +18,7 @@ abstract class AEADBaseEngine
     protected int CRYPTO_NPUBBYTES;
     protected int CRYPTO_ABYTES;
     protected byte[] initialAssociatedText;
+    protected byte[] mac;
 
     @Override
     public String getAlgorithmName()
@@ -35,6 +36,10 @@ public int getIVBytesSize()
         return CRYPTO_NPUBBYTES;
     }
 
+    public byte[] getMac()
+    {
+        return mac;
+    }
 
     public int processByte(byte in, byte[] out, int outOff)
         throws DataLengthException

core/src/main/java/org/bouncycastle/crypto/engines/AsconBaseEngine.java

@@ -3,7 +3,6 @@
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.crypto.modes.AEADCipher;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Longs;
 
@@ -25,7 +24,6 @@ protected enum State
 
 
     protected State m_state = State.Uninitialized;
-    protected byte[] mac;
     protected int nr;
     protected int ASCON_AEAD_RATE;
     protected long K0;
@@ -382,11 +380,6 @@ public int doFinal(byte[] outBytes, int outOff)
         return resultLength;
     }
 
-    public byte[] getMac()
-    {
-        return mac;
-    }
-
     public int getUpdateOutputSize(int len)
     {
         int total = Math.max(0, len);

core/src/main/java/org/bouncycastle/crypto/engines/ElephantEngine.java

@@ -4,14 +4,9 @@
 import java.util.Arrays;
 
 import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
-import org.bouncycastle.crypto.modes.AEADCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
 
 /**
  * Elephant AEAD v2, based on the current round 3 submission, https://www.esat.kuleuven.be/cosic/elephant/
@@ -46,7 +41,6 @@ private enum State
     private int nSBox;
     private final int nRounds;
     private byte lfsrIV;
-    private byte[] tag;
     private byte[] npub;
     private byte[] expanded_key;
     private boolean initialised;
@@ -380,14 +374,14 @@ public int doFinal(byte[] output, int outOff)
         int nblocks_ad = 1 + (CRYPTO_NPUBBYTES + adlen) / BLOCK_SIZE;
         int nb_it = Math.max(nblocks_c + 1, nblocks_ad - 1);
         outOff += processBytes(inputMessage, output, outOff, nb_it, nblocks_m, nblocks_c, mlen, nblocks_ad, true);
-        tag = new byte[CRYPTO_ABYTES];
+        mac = new byte[CRYPTO_ABYTES];
         xor_block(tag_buffer, expanded_key, 0, BLOCK_SIZE);
         permutation(tag_buffer);
         xor_block(tag_buffer, expanded_key, 0, BLOCK_SIZE);
         if (forEncryption)
         {
-            System.arraycopy(tag_buffer, 0, tag, 0, CRYPTO_ABYTES);
-            System.arraycopy(tag, 0, output, outOff, tag.length);
+            System.arraycopy(tag_buffer, 0, mac, 0, CRYPTO_ABYTES);
+            System.arraycopy(mac, 0, output, outOff, mac.length);
             rv += CRYPTO_ABYTES;
         }
         else
@@ -405,12 +399,6 @@ public int doFinal(byte[] output, int outOff)
         return rv;
     }
 
-    @Override
-    public byte[] getMac()
-    {
-        return tag;
-    }
-
     @Override
     public int getUpdateOutputSize(int len)
     {
@@ -480,7 +468,7 @@ private void reset(boolean clearMac)
     {
         if (clearMac)
         {
-            tag = null;
+            mac = null;
         }
         aadData.reset();
         Arrays.fill(tag_buffer, (byte)0);

core/src/main/java/org/bouncycastle/crypto/engines/Grain128AEADEngine.java

@@ -34,8 +34,6 @@ public class Grain128AEADEngine
     private boolean aadFinished = false;
     private final ErasableOutputStream aadData = new ErasableOutputStream();
 
-    private byte[] mac;
-
     public Grain128AEADEngine()
     {
         algorithmName = "Grain-128AEAD";
@@ -44,11 +42,6 @@ public Grain128AEADEngine()
         CRYPTO_ABYTES = 8;
     }
 
-    public String getAlgorithmName()
-    {
-        return "Grain-128AEAD";
-    }
-
     /**
      * Initialize a Grain-128AEAD cipher.
      *
@@ -63,7 +56,7 @@ public void init(boolean forEncryption, CipherParameters params)
          * Grain encryption and decryption is completely symmetrical, so the
          * 'forEncryption' is irrelevant.
          */
-        byte[][] keyiv = initialize(true, params);
+        byte[][] keyiv = initialize(forEncryption, params);
 
 
         /*
@@ -397,12 +390,6 @@ private void authShift(int val)
         authSr[1] = (authSr[1] >>> 1) | (val << 31);
     }
 
-    public int processByte(byte input, byte[] output, int outOff)
-        throws DataLengthException
-    {
-        return processBytes(new byte[]{input}, 0, 1, output, outOff);
-    }
-
     public int doFinal(byte[] out, int outOff)
         throws IllegalStateException, InvalidCipherTextException
     {
@@ -423,11 +410,6 @@ public int doFinal(byte[] out, int outOff)
         return mac.length;
     }
 
-    public byte[] getMac()
-    {
-        return mac;
-    }
-
     public int getUpdateOutputSize(int len)
     {
         return len;

core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java

@@ -3,14 +3,9 @@
 import java.io.ByteArrayOutputStream;
 
 import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
-import org.bouncycastle.crypto.modes.AEADCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Pack;
 
 /**
@@ -59,11 +54,8 @@ public ISAPEngine(IsapType isapType)
     private boolean initialised;
     final int ISAP_STATE_SZ = 40;
     private byte[] k;
-    private byte[] c;
-    private byte[] ad;
     private byte[] npub;
-    private byte[] mac;
-    private ByteArrayOutputStream aadData = new ByteArrayOutputStream();
+    private final ByteArrayOutputStream aadData = new ByteArrayOutputStream();
     private final ByteArrayOutputStream message = new ByteArrayOutputStream();
     private final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
     private int ISAP_rH;
@@ -856,6 +848,8 @@ public int doFinal(byte[] output, int outOff)
             throw new IllegalArgumentException("Need call init function before encryption/decryption");
         }
         int len;
+        byte[] c;
+        byte[] ad;
         if (forEncryption)
         {
             byte[] enc_input = message.toByteArray();
@@ -898,12 +892,6 @@ public int doFinal(byte[] output, int outOff)
         return len;
     }
 
-    @Override
-    public byte[] getMac()
-    {
-        return mac;
-    }
-
     @Override
     public int getUpdateOutputSize(int len)
     {

core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java

@@ -3,14 +3,9 @@
 import java.io.ByteArrayOutputStream;
 
 import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
-import org.bouncycastle.crypto.modes.AEADCipher;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
 
 /**
  * Photon-Beetle, https://www.isical.ac.in/~lightweight/beetle/
@@ -34,7 +29,6 @@ public enum PhotonBeetleParameters
     private byte[] N;
     private byte[] state;
     private byte[][] state_2d;
-    private byte[] T;
     private boolean initialised;
     private final ByteArrayOutputStream aadData = new ByteArrayOutputStream();
     private final ByteArrayOutputStream message = new ByteArrayOutputStream();
@@ -97,12 +91,12 @@ public PhotonBeetleEngine(PhotonBeetleParameters pbp)
     public void init(boolean forEncryption, CipherParameters params)
         throws IllegalArgumentException
     {
-        byte[][] keyiv =initialize(forEncryption, params);
+        byte[][] keyiv = initialize(forEncryption, params);
         K = keyiv[0];
         N = keyiv[1];
         state = new byte[STATE_INBYTES];
         state_2d = new byte[D][D];
-        T = new byte[TAG_INBYTES];
+        mac = new byte[TAG_INBYTES];
         initialised = true;
         reset(false);
     }
@@ -200,18 +194,18 @@ public int doFinal(byte[] output, int outOff)
             state[STATE_INBYTES - 1] ^= 1 << LAST_THREE_BITS_OFFSET;
         }
         PHOTON_Permutation();
-        T = new byte[TAG_INBYTES];
-        System.arraycopy(state, 0, T, 0, TAG_INBYTES);
+        mac = new byte[TAG_INBYTES];
+        System.arraycopy(state, 0, mac, 0, TAG_INBYTES);
         if (forEncryption)
         {
-            System.arraycopy(T, 0, output, outOff, TAG_INBYTES);
+            System.arraycopy(mac, 0, output, outOff, TAG_INBYTES);
             len += TAG_INBYTES;
         }
         else
         {
             for (i = 0; i < TAG_INBYTES; ++i)
             {
-                if (T[i] != input[len + i])
+                if (mac[i] != input[len + i])
                 {
                     throw new IllegalArgumentException("Mac does not match");
                 }
@@ -221,12 +215,6 @@ public int doFinal(byte[] output, int outOff)
         return len;
     }
 
-    @Override
-    public byte[] getMac()
-    {
-        return T;
-    }
-
     @Override
     public int getUpdateOutputSize(int len)
     {
@@ -255,7 +243,7 @@ private void reset(boolean clearMac)
     {
         if (clearMac)
         {
-            T = null;
+            mac = null;
         }
         input_empty = true;
         aadData.reset();

core/src/main/java/org/bouncycastle/crypto/engines/SparkleEngine.java

@@ -1,15 +1,10 @@
 package org.bouncycastle.crypto.engines;
 
 import org.bouncycastle.crypto.CipherParameters;
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.OutputLengthException;
-import org.bouncycastle.crypto.constraints.DefaultServiceProperties;
 import org.bouncycastle.crypto.digests.SparkleDigest;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
-import org.bouncycastle.crypto.params.ParametersWithIV;
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Integers;
 import org.bouncycastle.util.Pack;
@@ -49,7 +44,6 @@ private enum State
     private final int[] state;
     private final int[] k;
     private final int[] npub;
-    private byte[] tag;
     private boolean encrypted;
     private State m_state = State.Uninitialized;
 
@@ -383,15 +377,15 @@ public int doFinal(byte[] out, int outOff)
         {
             state[RATE_WORDS + i] ^= k[i];
         }
-        tag = new byte[CRYPTO_ABYTES];
-        Pack.intToLittleEndian(state, RATE_WORDS, TAG_WORDS, tag, 0);
+        mac = new byte[CRYPTO_ABYTES];
+        Pack.intToLittleEndian(state, RATE_WORDS, TAG_WORDS, mac, 0);
         if (forEncryption)
         {
-            System.arraycopy(tag, 0, out, outOff, CRYPTO_ABYTES);
+            System.arraycopy(mac, 0, out, outOff, CRYPTO_ABYTES);
         }
         else
         {
-            if (!Arrays.constantTimeAreEqual(CRYPTO_ABYTES, tag, 0, m_buf, m_bufPos))
+            if (!Arrays.constantTimeAreEqual(CRYPTO_ABYTES, mac, 0, m_buf, m_bufPos))
             {
                 throw new InvalidCipherTextException(algorithmName + " mac does not match");
             }
@@ -400,11 +394,6 @@ public int doFinal(byte[] out, int outOff)
         return resultLength;
     }
 
-    public byte[] getMac()
-    {
-        return tag;
-    }
-
     public int getUpdateOutputSize(int len)
     {
         // The -1 is to account for the lazy processing of a full buffer
@@ -639,7 +628,7 @@ private void reset(boolean clearMac)
     {
         if (clearMac)
         {
-            tag = null;
+            mac = null;
         }
 
         Arrays.clear(m_buf);