Refactor on AEADBufferBaseEngine, and prepare to make SparkleEngine inherit from AEADBufferBaseEngine.

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/engines/AEADBufferBaseEngine.java

@@ -35,12 +35,12 @@ protected enum State
     public void processAADByte(byte input)
     {
         checkAAD();
-        m_aad[m_aadPos++] = input;
-        if (m_aadPos >= AADBufferSize)
+        if (m_aadPos == AADBufferSize)
         {
             processBufferAAD(m_aad, 0);
             m_aadPos = 0;
         }
+        m_aad[m_aadPos++] = input;
     }
 
     @Override
@@ -74,7 +74,7 @@ public void processAADBytes(byte[] input, int inOff, int len)
             processBufferAAD(m_aad, 0);
             m_aadPos = 0;
         }
-        while (len >= AADBufferSize)
+        while (len > AADBufferSize)
         {
             processBufferAAD(input, inOff);
             inOff += AADBufferSize;
@@ -92,20 +92,17 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
         {
             throw new DataLengthException("input buffer too short");
         }
-        int blockLen = len + m_bufPos - (forEncryption ? 0 : MAC_SIZE);
-        if (blockLen / BlockSize * BlockSize + outOff > output.length)
-        {
-            throw new OutputLengthException("output buffer is too short");
-        }
+
         boolean forEncryption = checkData();
+
         int resultLength = 0;
 
         if (forEncryption)
         {
             if (m_bufPos > 0)
             {
                 int available = BlockSize - m_bufPos;
-                if (len < available)
+                if (len <= available)
                 {
                     System.arraycopy(input, inOff, m_buf, m_bufPos, len);
                     m_bufPos += len;
@@ -116,14 +113,14 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
                 inOff += available;
                 len -= available;
 
-                processBuffer(m_buf, 0, output, outOff);
+                validateAndProcessBuffer(m_buf, 0, output, outOff);
                 resultLength = BlockSize;
                 //m_bufPos = 0;
             }
 
-            while (len >= BlockSize)
+            while (len > BlockSize)
             {
-                processBuffer(input, inOff, output, outOff + resultLength);
+                validateAndProcessBuffer(input, inOff, output, outOff + resultLength);
                 inOff += BlockSize;
                 len -= BlockSize;
                 resultLength += BlockSize;
@@ -132,16 +129,16 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
         else
         {
             int available = BlockSize + MAC_SIZE - m_bufPos;
-            if (len < available)
+            if (len <= available)
             {
                 System.arraycopy(input, inOff, m_buf, m_bufPos, len);
                 m_bufPos += len;
                 return 0;
             }
 
-            if (m_bufPos >= BlockSize)
+            if (m_bufPos > BlockSize)
             {
-                processBuffer(m_buf, 0, output, outOff);
+                validateAndProcessBuffer(m_buf, 0, output, outOff);
                 m_bufPos -= BlockSize;
                 System.arraycopy(m_buf, BlockSize, m_buf, 0, m_bufPos);
                 resultLength = BlockSize;
@@ -159,13 +156,13 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
             System.arraycopy(input, inOff, m_buf, m_bufPos, available);
             inOff += available;
             len -= available;
-            processBuffer(m_buf, 0, output, outOff + resultLength);
+            validateAndProcessBuffer(m_buf, 0, output, outOff + resultLength);
             resultLength += BlockSize;
             //m_bufPos = 0;
 
-            while (len >= BlockSize + MAC_SIZE)
+            while (len > BlockSize + MAC_SIZE)
             {
-                processBuffer(input, inOff, output, outOff + resultLength);
+                validateAndProcessBuffer(input, inOff, output, outOff + resultLength);
                 inOff += BlockSize;
                 len -= BlockSize;
                 resultLength += BlockSize;
@@ -182,10 +179,6 @@ public int processBytes(byte[] input, int inOff, int len, byte[] output, int out
     public int doFinal(byte[] output, int outOff)
         throws IllegalStateException, InvalidCipherTextException
     {
-        if (!initialised)
-        {
-            throw new IllegalStateException("Need call init function before encryption/decryption");
-        }
         boolean forEncryption = checkData();
         int resultLength;
         if (forEncryption)
@@ -362,6 +355,15 @@ protected void bufferReset()
         }
     }
 
+    protected void validateAndProcessBuffer(byte[] input, int inOff, byte[] output, int outOff)
+    {
+        if (outOff > output.length - BlockSize)
+        {
+            throw new OutputLengthException("output buffer too short");
+        }
+        processBuffer(input, inOff, output, outOff);
+    }
+
     protected abstract void processFinalBlock(byte[] output, int outOff);
 
     protected abstract void processBufferAAD(byte[] input, int inOff);

core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java

@@ -131,9 +131,17 @@ public void absorbMacBlock(byte[] input, int inOff)
 
         public void absorbFinalAADBlock()
         {
-            for (int i = 0; i < m_aadPos; ++i)
+            if (m_aadPos == AADBufferSize)
             {
-                x0 ^= (m_aad[i] & 0xFFL) << ((7 - i) << 3);
+                absorbMacBlock(m_aad, 0);
+                m_aadPos = 0;
+            }
+            else
+            {
+                for (int i = 0; i < m_aadPos; ++i)
+                {
+                    x0 ^= (m_aad[i] & 0xFFL) << ((7 - i) << 3);
+                }
             }
             x0 ^= 0x80L << ((7 - m_aadPos) << 3);
             P12();
@@ -142,9 +150,17 @@ public void absorbFinalAADBlock()
 
         public void processMACFinal(byte[] input, int inOff, int len, byte[] tag)
         {
-            for (int i = 0; i < len; ++i)
+            if (len == BlockSize)
             {
-                x0 ^= (input[inOff++] & 0xFFL) << ((7 - i) << 3);
+                absorbMacBlock(input, inOff);
+                len = 0;
+            }
+            else
+            {
+                for (int i = 0; i < len; ++i)
+                {
+                    x0 ^= (input[inOff++] & 0xFFL) << ((7 - i) << 3);
+                }
             }
             x0 ^= 0x80L << ((7 - len) << 3);
             P12();
@@ -190,12 +206,19 @@ public void processEncBlock(byte[] input, int inOff, byte[] output, int outOff)
 
         public void processEncFinalBlock(byte[] output, int outOff)
         {
-            /* Encrypt final m block */
-            byte[] xo = Pack.longToLittleEndian(x0);
-            int mlen = m_bufPos;
-            while (mlen > 0)
+            if (m_bufPos == BlockSize)
             {
-                output[outOff + mlen - 1] = (byte)(xo[BlockSize - mlen] ^ m_buf[--mlen]);
+                processEncBlock(m_buf, 0, output, outOff);
+            }
+            else
+            {
+                /* Encrypt final m block */
+                byte[] xo = Pack.longToLittleEndian(x0);
+                int mlen = m_bufPos;
+                while (mlen > 0)
+                {
+                    output[outOff + mlen - 1] = (byte)(xo[BlockSize - mlen] ^ m_buf[--mlen]);
+                }
             }
         }
 
@@ -384,9 +407,17 @@ public void absorbMacBlock(byte[] input, int inOff)
 
         public void absorbFinalAADBlock()
         {
-            for (int i = 0; i < m_aadPos; i++)
+            if (m_aadPos == AADBufferSize)
+            {
+                absorbMacBlock(m_aad, 0);
+                m_aadPos = 0;
+            }
+            else
             {
-                SX[i >> 1] ^= (m_aad[i] & 0xFF) << ((i & 1) << 3);
+                for (int i = 0; i < m_aadPos; i++)
+                {
+                    SX[i >> 1] ^= (m_aad[i] & 0xFF) << ((i & 1) << 3);
+                }
             }
             SX[m_aadPos >> 1] ^= 0x80 << ((m_aadPos & 1) << 3);
             PermuteRoundsHX(SX, E, C);
@@ -417,10 +448,18 @@ public void isap_rk(short[] iv16, byte[] y, int ylen, short[] out16, int outlen,
 
         public void processMACFinal(byte[] input, int inOff, int len, byte[] tag)
         {
-            // Absorb C final block
-            for (int i = 0; i < len; i++)
+            if (len == BlockSize)
+            {
+                absorbMacBlock(input, inOff);
+                len = 0;
+            }
+            else
             {
-                SX[i >> 1] ^= (input[inOff++] & 0xFF) << ((i & 1) << 3);
+                // Absorb C final block
+                for (int i = 0; i < len; i++)
+                {
+                    SX[i >> 1] ^= (input[inOff++] & 0xFF) << ((i & 1) << 3);
+                }
             }
             SX[len >> 1] ^= 0x80 << ((len & 1) << 3);
             PermuteRoundsHX(SX, E, C);

core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java

@@ -146,7 +146,10 @@ protected void processFinalBlock(byte[] output, int outOff)
             {
                 PHOTON_Permutation();
                 rhoohr(output, outOff, m_buf, 0, bufferLen);
-                state[bufferLen] ^= 0x01; // ozs
+                if(bufferLen < BlockSize)
+                {
+                    state[bufferLen] ^= 0x01; // ozs
+                }
             }
             state[STATE_INBYTES - 1] ^= c1 << LAST_THREE_BITS_OFFSET;
         }