Merge remote-tracking branch 'tonywasher/nistAEADoutputLength' into 1924-lightweight-aead-output-size

gefeili · gefeili · commit cb38f25c4810 · 2024-11-28T10:11:34.000+10:30
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ElephantEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ElephantEngine.java
@@ -404,6 +404,7 @@ public int doFinal(byte[] output, int outOff)
             throw new OutputLengthException("output buffer is too short");
         }
         int mlen = len + messageLen - (forEncryption ? 0 : CRYPTO_ABYTES);
+        int rv = mlen - messageLen;
         int adlen = processAADBytes();
         int nblocks_c = 1 + mlen / BLOCK_SIZE;
         int nblocks_m = (mlen % BLOCK_SIZE) != 0 ? nblocks_c : nblocks_c - 1;
@@ -418,7 +419,7 @@ public int doFinal(byte[] output, int outOff)
         {
             System.arraycopy(tag_buffer, 0, tag, 0, CRYPTO_ABYTES);
             System.arraycopy(tag, 0, output, outOff, tag.length);
-            mlen += CRYPTO_ABYTES;
+            rv += CRYPTO_ABYTES;
         }
         else
         {
@@ -432,7 +433,7 @@ public int doFinal(byte[] output, int outOff)
             }
         }
         reset(false);
-        return mlen;
+        return rv;
     }
 
     @Override
@@ -455,6 +456,8 @@ public int getUpdateOutputSize(int len)
         case EncData:
         case EncInit:
             return inputOff + len + CRYPTO_ABYTES;
+        case DecData:
+            return inputOff + len;
         }
         return Math.max(0, len + inputOff - CRYPTO_ABYTES);
     }
@@ -472,9 +475,9 @@ public int getOutputSize(int len)
         case EncAad:
         case EncData:
         case EncInit:
-            return len + CRYPTO_ABYTES;
+            return len + inputOff + CRYPTO_ABYTES;
         }
-        return Math.max(0, len - CRYPTO_ABYTES);
+        return Math.max(0, len + inputOff - CRYPTO_ABYTES);
     }
 
     @Override
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java
@@ -806,7 +806,7 @@ public void init(boolean forEncryption, CipherParameters params)
         if (iv == null || iv.length != 16)
         {
             throw new IllegalArgumentException(
-                "ISAP AEAD requires exactly 12 bytes of IV");
+                "ISAP AEAD requires exactly 16 bytes of IV");
         }
 
         if (!(ivParams.getParameters() instanceof KeyParameter))
@@ -961,13 +961,13 @@ public byte[] getMac()
     @Override
     public int getUpdateOutputSize(int len)
     {
-        return len;
+        return len + message.size();
     }
 
     @Override
     public int getOutputSize(int len)
     {
-        return len + 16;
+        return Math.max(0, len + message.size() + (forEncryption ? 16 : -16));
     }
 
     @Override
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java
@@ -270,13 +270,13 @@ public byte[] getMac()
     @Override
     public int getUpdateOutputSize(int len)
     {
-        return len;
+        return len + message.size();
     }
 
     @Override
     public int getOutputSize(int len)
     {
-        return len + TAG_INBYTES;
+        return Math.max(0, len + message.size() + (forEncryption ? TAG_INBYTES : -TAG_INBYTES));
     }
 
     @Override
diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java
@@ -262,13 +262,13 @@ public byte[] getMac()
     @Override
     public int getUpdateOutputSize(int len)
     {
-        return len;
+        return len + message.size();
     }
 
     @Override
     public int getOutputSize(int len)
     {
-        return len + TAGLEN;
+        return Math.max(0, len + message.size() + (forEncryption ? TAGLEN : -TAGLEN));
     }
 
     @Override

Original file line number	Diff line number	Diff line change
`@@ -404,6 +404,7 @@ public int doFinal(byte[] output, int outOff)`
`404`	`404`	`throw new OutputLengthException("output buffer is too short");`
`405`	`405`	`}`
`406`	`406`	`int mlen = len + messageLen - (forEncryption ? 0 : CRYPTO_ABYTES);`
	`407`	`+ int rv = mlen - messageLen;`
`407`	`408`	`int adlen = processAADBytes();`
`408`	`409`	`int nblocks_c = 1 + mlen / BLOCK_SIZE;`
`409`	`410`	`int nblocks_m = (mlen % BLOCK_SIZE) != 0 ? nblocks_c : nblocks_c - 1;`
`@@ -418,7 +419,7 @@ public int doFinal(byte[] output, int outOff)`
`418`	`419`	`{`
`419`	`420`	`System.arraycopy(tag_buffer, 0, tag, 0, CRYPTO_ABYTES);`
`420`	`421`	`System.arraycopy(tag, 0, output, outOff, tag.length);`
`421`		`- mlen += CRYPTO_ABYTES;`
	`422`	`+ rv += CRYPTO_ABYTES;`
`422`	`423`	`}`
`423`	`424`	`else`
`424`	`425`	`{`
`@@ -432,7 +433,7 @@ public int doFinal(byte[] output, int outOff)`
`432`	`433`	`}`
`433`	`434`	`}`
`434`	`435`	`reset(false);`
`435`		`- return mlen;`
	`436`	`+ return rv;`
`436`	`437`	`}`
`437`	`438`
`438`	`439`	`@Override`
`@@ -455,6 +456,8 @@ public int getUpdateOutputSize(int len)`
`455`	`456`	`case EncData:`
`456`	`457`	`case EncInit:`
`457`	`458`	`return inputOff + len + CRYPTO_ABYTES;`
	`459`	`+ case DecData:`
	`460`	`+ return inputOff + len;`
`458`	`461`	`}`
`459`	`462`	`return Math.max(0, len + inputOff - CRYPTO_ABYTES);`
`460`	`463`	`}`
`@@ -472,9 +475,9 @@ public int getOutputSize(int len)`
`472`	`475`	`case EncAad:`
`473`	`476`	`case EncData:`
`474`	`477`	`case EncInit:`
`475`		`- return len + CRYPTO_ABYTES;`
	`478`	`+ return len + inputOff + CRYPTO_ABYTES;`
`476`	`479`	`}`
`477`		`- return Math.max(0, len - CRYPTO_ABYTES);`
	`480`	`+ return Math.max(0, len + inputOff - CRYPTO_ABYTES);`
`478`	`481`	`}`
`479`	`482`
`480`	`483`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -806,7 +806,7 @@ public void init(boolean forEncryption, CipherParameters params)`
`806`	`806`	`if (iv == null \|\| iv.length != 16)`
`807`	`807`	`{`
`808`	`808`	`throw new IllegalArgumentException(`
`809`		`- "ISAP AEAD requires exactly 12 bytes of IV");`
	`809`	`+ "ISAP AEAD requires exactly 16 bytes of IV");`
`810`	`810`	`}`
`811`	`811`
`812`	`812`	`if (!(ivParams.getParameters() instanceof KeyParameter))`
`@@ -961,13 +961,13 @@ public byte[] getMac()`
`961`	`961`	`@Override`
`962`	`962`	`public int getUpdateOutputSize(int len)`
`963`	`963`	`{`
`964`		`- return len;`
	`964`	`+ return len + message.size();`
`965`	`965`	`}`
`966`	`966`
`967`	`967`	`@Override`
`968`	`968`	`public int getOutputSize(int len)`
`969`	`969`	`{`
`970`		`- return len + 16;`
	`970`	`+ return Math.max(0, len + message.size() + (forEncryption ? 16 : -16));`
`971`	`971`	`}`
`972`	`972`
`973`	`973`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -270,13 +270,13 @@ public byte[] getMac()`
`270`	`270`	`@Override`
`271`	`271`	`public int getUpdateOutputSize(int len)`
`272`	`272`	`{`
`273`		`- return len;`
	`273`	`+ return len + message.size();`
`274`	`274`	`}`
`275`	`275`
`276`	`276`	`@Override`
`277`	`277`	`public int getOutputSize(int len)`
`278`	`278`	`{`
`279`		`- return len + TAG_INBYTES;`
	`279`	`+ return Math.max(0, len + message.size() + (forEncryption ? TAG_INBYTES : -TAG_INBYTES));`
`280`	`280`	`}`
`281`	`281`
`282`	`282`	`@Override`
Original file line number	Diff line number	Diff line change
`@@ -262,13 +262,13 @@ public byte[] getMac()`
`262`	`262`	`@Override`
`263`	`263`	`public int getUpdateOutputSize(int len)`
`264`	`264`	`{`
`265`		`- return len;`
	`265`	`+ return len + message.size();`
`266`	`266`	`}`
`267`	`267`
`268`	`268`	`@Override`
`269`	`269`	`public int getOutputSize(int len)`
`270`	`270`	`{`
`271`		`- return len + TAGLEN;`
	`271`	`+ return Math.max(0, len + message.size() + (forEncryption ? TAGLEN : -TAGLEN));`
`272`	`272`	`}`
`273`	`273`
`274`	`274`	`@Override`