Remove aadFinished

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/engines/GiftCofbEngine.java

@@ -182,7 +182,6 @@ private void pho(byte[] Y, byte[] M, int mOff, byte[] X, byte[] C, int cOff, int
     private void phoprime(byte[] Y, byte[] C, int cOff, byte[] X, byte[] M, int mOff, int no_of_bytes)
     {
         Bytes.xor(no_of_bytes, Y, C, cOff, M, mOff);
-        //xor_block(M, mOff, Y, C, cOff, no_of_bytes);
         pho1(X, Y, M, mOff, no_of_bytes);
     }
 
@@ -232,7 +231,6 @@ protected void finishAAD(State nextState, boolean isDoFinal)
         case DecAad:
             if (!isDoFinal && dataOperator.getLen() <= MAC_SIZE)
             {
-                //m_state = State.DecData;
                 return;
             }
         case EncInit:

core/src/main/java/org/bouncycastle/crypto/engines/ISAPEngine.java

@@ -27,36 +27,41 @@ public enum IsapType
     public ISAPEngine(IsapType isapType)
     {
         KEY_SIZE = IV_SIZE = MAC_SIZE = 16;
+        ProcessingBufferType bufferType;
         switch (isapType)
         {
         case ISAP_A_128A:
             ISAPAEAD = new ISAPAEAD_A_128A();
             algorithmName = "ISAP-A-128A AEAD";
+            bufferType = ProcessingBufferType.ImmediateLargeMac;
             break;
         case ISAP_K_128A:
             ISAPAEAD = new ISAPAEAD_K_128A();
             algorithmName = "ISAP-K-128A AEAD";
+            bufferType = ProcessingBufferType.Immediate;
             break;
         case ISAP_A_128:
             ISAPAEAD = new ISAPAEAD_A_128();
             algorithmName = "ISAP-A-128 AEAD";
+            bufferType = ProcessingBufferType.ImmediateLargeMac;
             break;
         case ISAP_K_128:
             ISAPAEAD = new ISAPAEAD_K_128();
             algorithmName = "ISAP-K-128 AEAD";
+            bufferType = ProcessingBufferType.Immediate;
             break;
+        default:
+            throw new IllegalArgumentException("Incorrect ISAP parameter");
         }
         AADBufferSize = BlockSize;
-        setInnerMembers(isapType == IsapType.ISAP_K_128A || isapType == IsapType.ISAP_K_128 ? ProcessingBufferType.Immediate :
-            ProcessingBufferType.ImmediateLargeMac, AADOperatorType.Default, DataOperatorType.Default);
+        setInnerMembers(bufferType, AADOperatorType.Default, DataOperatorType.Counter);
     }
 
     private static final int ISAP_STATE_SZ = 40;
     private byte[] k;
     private byte[] npub;
     private int ISAP_rH;
-    private boolean aadFinished;
-    private ISAP_AEAD ISAPAEAD;
+    private final ISAP_AEAD ISAPAEAD;
 
     private interface ISAP_AEAD
     {
@@ -706,32 +711,46 @@ protected void processBufferAAD(byte[] input, int inOff)
 
     protected void processFinalAAD()
     {
-        if (!aadFinished)
+        ISAPAEAD.absorbFinalAADBlock();
+    }
+
+    @Override
+    protected void finishAAD(State nextState, boolean isDoFinal)
+    {
+        // State indicates whether we ever received AAD
+        switch (m_state)
         {
-            ISAPAEAD.absorbFinalAADBlock();
-            m_aadPos = 0;
-            aadFinished = true;
+        case DecInit:
+        case DecAad:
+            if (!isDoFinal && dataOperator.getLen() <= MAC_SIZE)
+            {
+                return;
+            }
+        case EncInit:
+        case EncAad:
+            processFinalAAD();
+            break;
         }
+
+        m_aadPos = 0;
+        m_state = nextState;
     }
 
     protected void processBufferEncrypt(byte[] input, int inOff, byte[] output, int outOff)
     {
-        processFinalAAD();
         ISAPAEAD.processEncBlock(input, inOff, output, outOff);
         ISAPAEAD.absorbMacBlock(output, outOff);
     }
 
     protected void processBufferDecrypt(byte[] input, int inOff, byte[] output, int outOff)
     {
-        processFinalAAD();
         ISAPAEAD.processEncBlock(input, inOff, output, outOff);
         ISAPAEAD.absorbMacBlock(input, inOff);
     }
 
     @Override
     protected void processFinalBlock(byte[] output, int outOff)
     {
-        processFinalAAD();
         ISAPAEAD.processEncFinalBlock(output, outOff);
         if (forEncryption)
         {
@@ -748,7 +767,6 @@ protected void reset(boolean clearMac)
         ensureInitialized();
         bufferReset();
         ISAPAEAD.reset();
-        aadFinished = false;
         super.reset(clearMac);
     }
 }

core/src/main/java/org/bouncycastle/crypto/engines/PhotonBeetleEngine.java

@@ -29,7 +29,6 @@ public enum PhotonBeetleParameters
     private final int STATE_INBYTES;
     private final int LAST_THREE_BITS_OFFSET;
     private static final int D = 8;
-    private boolean aadFinished;
     private static final byte[][] RC = {
         {1, 3, 7, 14, 13, 11, 6, 12, 9, 2, 5, 10},
         {0, 2, 6, 15, 12, 10, 7, 13, 8, 3, 4, 11},
@@ -99,27 +98,45 @@ protected void processBufferAAD(byte[] input, int inOff)
         Bytes.xorTo(BlockSize, input, inOff, state);
     }
 
+    @Override
+    protected void finishAAD(State nextState, boolean isDoFinal)
+    {
+        // State indicates whether we ever received AAD
+        switch (m_state)
+        {
+        case DecInit:
+        case DecAad:
+            if (!isDoFinal && dataOperator.getLen() <= MAC_SIZE)
+            {
+                //m_state = State.DecData;
+                return;
+            }
+        case EncInit:
+        case EncAad:
+            processFinalAAD();
+            break;
+        }
+
+        m_aadPos = 0;
+        m_state = nextState;
+    }
+
     public void processFinalAAD()
     {
-        if (!aadFinished)
+        int aadLen = aadOperator.getLen();
+        if (aadLen != 0)
         {
-            int aadLen = aadOperator.getLen();
-            if (aadLen != 0)
+            if (m_aadPos != 0)
             {
-                if (m_aadPos != 0)
+                PhotonPermutation(state_2d, state);
+                Bytes.xorTo(m_aadPos, m_aad, state);
+                if (m_aadPos < BlockSize)
                 {
-                    PhotonPermutation(state_2d, state);
-                    Bytes.xorTo(m_aadPos, m_aad, state);
-                    if (m_aadPos < BlockSize)
-                    {
-                        state[m_aadPos] ^= 0x01; // ozs
-                    }
+                    state[m_aadPos] ^= 0x01; // ozs
                 }
-                state[STATE_INBYTES - 1] ^= select(dataOperator.getLen() - (forEncryption ? 0 : MAC_SIZE) > 0,
-                    ((aadLen % BlockSize) == 0), (byte)3, (byte)4) << LAST_THREE_BITS_OFFSET;
             }
-            m_aadPos = 0;
-            aadFinished = true;
+            state[STATE_INBYTES - 1] ^= select(dataOperator.getLen() - (forEncryption ? 0 : MAC_SIZE) > 0,
+                ((aadLen % BlockSize) == 0), (byte)3, (byte)4) << LAST_THREE_BITS_OFFSET;
         }
     }
 
@@ -183,7 +200,6 @@ protected void reset(boolean clearMac)
         ensureInitialized();
         bufferReset();
         input_empty = true;
-        aadFinished = false;
         System.arraycopy(K, 0, state, 0, K.length);
         System.arraycopy(N, 0, state, K.length, N.length);
         super.reset(clearMac);

core/src/main/java/org/bouncycastle/crypto/engines/XoodyakEngine.java

@@ -27,7 +27,6 @@ public class XoodyakEngine
         0x0000002C, 0x00000380, 0x000000F0, 0x000001A0, 0x00000012};
     private boolean encrypted;
     private byte aadcd;
-    private boolean aadFinished;
     private static final int ModeKeyed = 0;
     private static final int ModeHash = 1;
 
@@ -39,7 +38,7 @@ public XoodyakEngine()
         MAC_SIZE = 16;
         BlockSize = 24;
         AADBufferSize = 44;
-        setInnerMembers(ProcessingBufferType.Buffered, AADOperatorType.Default, DataOperatorType.Default);
+        setInnerMembers(ProcessingBufferType.Buffered, AADOperatorType.Default, DataOperatorType.Counter);
     }
 
     @Override
@@ -61,23 +60,39 @@ protected void processBufferAAD(byte[] input, int inOff)
 
     protected void processFinalAAD()
     {
-        if (!aadFinished)
+        AbsorbAny(m_aad, 0, m_aadPos, aadcd);
+        m_aadPos = 0;
+    }
+
+    @Override
+    protected void finishAAD(State nextState, boolean isDoFinal)
+    {
+        // State indicates whether we ever received AAD
+        switch (m_state)
         {
-            AbsorbAny(m_aad, 0, m_aadPos, aadcd);
-            aadFinished = true;
-            m_aadPos = 0;
+        case DecInit:
+        case DecAad:
+            if (!isDoFinal && dataOperator.getLen() <= MAC_SIZE)
+            {
+                return;
+            }
+        case EncInit:
+        case EncAad:
+            processFinalAAD();
+            break;
         }
+
+        m_aadPos = 0;
+        m_state = nextState;
     }
 
     protected void processBufferEncrypt(byte[] input, int inOff, byte[] output, int outOff)
     {
-        processFinalAAD();
         encrypt(input, inOff, BlockSize, output, outOff);
     }
 
     protected void processBufferDecrypt(byte[] input, int inOff, byte[] output, int outOff)
     {
-        processFinalAAD();
         decrypt(input, inOff, BlockSize, output, outOff);
     }
 
@@ -124,7 +139,6 @@ private void decrypt(byte[] input, int inOff, int len, byte[] output, int outOff
     @Override
     protected void processFinalBlock(byte[] output, int outOff)
     {
-        processFinalAAD();
         if (forEncryption)
         {
             Arrays.fill(m_buf, m_bufPos, BlockSize, (byte)0);
@@ -143,7 +157,6 @@ protected void reset(boolean clearMac)
         ensureInitialized();
         super.reset(clearMac);
         Arrays.fill(state, (byte)0);
-        aadFinished = false;
         encrypted = false;
         phase = PhaseUp;
         aadcd = (byte)0x03;