Update java doc, update initState of AsconCXof128, set AsconAEAD128 mac size range 4-16 bytes.

Author: gefeili

core/src/main/java/org/bouncycastle/crypto/digests/AsconCXof128.java

@@ -5,10 +5,10 @@
 
 /**
  * Ascon-CXOF128 was introduced in NIST Special Publication (SP) 800-232
- * (Initial Public Draft).
  * <p>
  * Additional details and the specification can be found in:
- * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
+ * <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.pdf">NIST SP 800-232
+ * Ascon-Based Lightweight Cryptography Standards for Constrained Devices</a>.
  * For reference source code and implementation details, please see:
  * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
  * ASM implementations of Ascon (NIST SP 800-232)</a>.
@@ -81,26 +81,18 @@ public void reset()
 
     private void initState(byte[] z, int zOff, int zLen)
     {
-//        p.set(0x0000080000cc0004L, 0L, 0L, 0L, 0L);
-//        p.p(12);
-
-        if (zLen == 0)
-        {
-//            p.p(12);
-//            padAndAbsorb();
-
-            p.set(0x500cccc894e3c9e8L, 0x5bed06f28f71248dL, 0x3b03a0f930afd512L, 0x112ef093aa5c698bL, 0x00c8356340a347f0L);
-        }
-        else
-        {
-            p.set(0x675527c2a0e8de03L, 0x43d12d7dc0377bbcL, 0xe9901dec426e81b5L, 0x2ab14907720780b6L, 0x8f3f1d02d432bc46L);
-
-            p.x0 ^= ((long)zLen) << 3;
-            p.p(12);
-            update(z, zOff, zLen);
-            padAndAbsorb();
-        }
-
+//        if (zLen == 0)
+//        {
+//            p.set(0x500cccc894e3c9e8L, 0x5bed06f28f71248dL, 0x3b03a0f930afd512L, 0x112ef093aa5c698bL, 0x00c8356340a347f0L);
+//        }
+//        else
+//        {
+        p.set(0x675527c2a0e8de03L, 0x43d12d7dc0377bbcL, 0xe9901dec426e81b5L, 0x2ab14907720780b6L, 0x8f3f1d02d432bc46L);
+        p.x0 ^= ((long)zLen) << 3;
+        p.p(12);
+        update(z, zOff, zLen);
+        padAndAbsorb();
+//        }
         super.reset();
     }
 }

core/src/main/java/org/bouncycastle/crypto/digests/AsconDigest.java

@@ -3,11 +3,11 @@
 import org.bouncycastle.util.Pack;
 
 /**
- * ASCON v1.2 Digest, https://ascon.iaik.tugraz.at/ .
+ * ASCON v1.2 Digest, <a href="https://ascon.iaik.tugraz.at/">...</a> .
  * <p>
- * https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
+ * <a href="https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf">...</a>
  * <p>
- * ASCON v1.2 Digest with reference to C Reference Impl from: https://github.com/ascon/ascon-c .
+ * ASCON v1.2 Digest with reference to C Reference Impl from: <a href="https://github.com/ascon/ascon-c">...</a> .
  *
  * @deprecated use Ascon Hash 256 Digest
  */

core/src/main/java/org/bouncycastle/crypto/digests/AsconHash256.java

@@ -4,10 +4,10 @@
 
 /**
  * Ascon-Hash256 was introduced in NIST Special Publication (SP) 800-232
- * (Initial Public Draft).
  * <p>
  * Additional details and the specification can be found in:
- * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
+ * <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.pdf">NIST SP 800-232
+ * Ascon-Based Lightweight Cryptography Standards for Constrained Devices</a>.
  * For reference source code and implementation details, please see:
  * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
  * ASM implementations of Ascon (NIST SP 800-232)</a>.

core/src/main/java/org/bouncycastle/crypto/digests/AsconXof.java

@@ -3,11 +3,11 @@
 import org.bouncycastle.util.Pack;
 
 /**
- * ASCON v1.2 XOF, https://ascon.iaik.tugraz.at/ .
+ * ASCON v1.2 XOF, <a href="https://ascon.iaik.tugraz.at/">...</a> .
  * <p>
- * https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf
+ * <a href="https://csrc.nist.gov/CSRC/media/Projects/lightweight-cryptography/documents/finalist-round/updated-spec-doc/ascon-spec-final.pdf">...</a>
  * <p>
- * ASCON v1.2 XOF with reference to C Reference Impl from: https://github.com/ascon/ascon-c .
+ * ASCON v1.2 XOF with reference to C Reference Impl from: <a href="https://github.com/ascon/ascon-c">...</a> .
  *
  * @deprecated Now superseded - please use AsconXof128
  */

core/src/main/java/org/bouncycastle/crypto/digests/AsconXof128.java

@@ -4,10 +4,10 @@
 
 /**
  * Ascon-XOF128 was introduced in NIST Special Publication (SP) 800-232
- * (Initial Public Draft).
  * <p>
  * Additional details and the specification can be found in:
- * <a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a>.
+ * <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.pdf">NIST SP 800-232
+ * Ascon-Based Lightweight Cryptography Standards for Constrained Devices</a>.
  * For reference source code and implementation details, please see:
  * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
  * ASM implementations of Ascon (NIST SP 800-232)</a>.

core/src/main/java/org/bouncycastle/crypto/engines/AEADBaseEngine.java

@@ -106,6 +106,7 @@ protected static class State
     protected int KEY_SIZE;
     protected int IV_SIZE;
     protected int MAC_SIZE;
+    protected int macSizeLowerBound = 0;
     protected byte[] initialAssociatedText;
     protected byte[] mac;
     protected byte[] m_buf;
@@ -157,9 +158,22 @@ public void init(boolean forEncryption, CipherParameters params)
             initialAssociatedText = aeadParameters.getAssociatedText();
 
             int macSizeBits = aeadParameters.getMacSize();
-            if (macSizeBits != MAC_SIZE * 8)
+            if (macSizeLowerBound == 0)
             {
-                throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits);
+                if (macSizeBits != (MAC_SIZE << 3))
+                {
+                    throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits);
+                }
+            }
+            else
+            {
+                //TODO: set macSizeUpperBound instead of 128 fix value if necessary
+                if (macSizeBits > 128 || macSizeBits < (macSizeLowerBound << 3) || (macSizeBits & 7) != 0)
+                {
+                    throw new IllegalArgumentException("MAC size must be between " + (macSizeLowerBound << 3) +
+                        " and 128 bits for " + algorithmName);
+                }
+                MAC_SIZE = macSizeBits >>> 3;
             }
         }
         else if (params instanceof ParametersWithIV)

core/src/main/java/org/bouncycastle/crypto/engines/AsconAEAD128.java

@@ -4,15 +4,15 @@
 import org.bouncycastle.util.Pack;
 
 /**
- * Ascon-AEAD128 was introduced as part of the NIST Lightweight Cryptography
- * competition and described in the NIST Special Publication SP 800-232 (Initial
- * Public Draft).
- * For additional details, see:
- * <ul>
- *     <li><a href="https://csrc.nist.gov/pubs/sp/800/232/ipd">NIST SP 800-232 (Initial Public Draft)</a></li>
- *     <li><a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
- *     ASM implementations of Ascon (NIST SP 800-232)</a></li>
- * </ul>
+ * Ascon-AEAD128 was introduced in NIST Special Publication (SP) 800-232
+ * <p>
+ * Additional details and the specification can be found in:
+ * <a href="https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-232.pdf">NIST SP 800-232
+ * Ascon-Based Lightweight Cryptography Standards for Constrained Devices</a>.
+ * For reference source code and implementation details, please see:
+ * <a href="https://github.com/ascon/ascon-c">Reference, highly optimized, masked C and
+ * ASM implementations of Ascon (NIST SP 800-232)</a>.
+ * </p>
  *
  * @version 1.3
  */
@@ -26,6 +26,7 @@ public AsconAEAD128()
         algorithmName = "Ascon-AEAD128";
         nr = 8;
         dsep = -9223372036854775808L; //0x80L << 56
+        macSizeLowerBound = 4;
         setInnerMembers(ProcessingBufferType.Immediate, AADOperatorType.Default, DataOperatorType.Default);
     }
 

core/src/test/java/org/bouncycastle/crypto/test/CipherTest.java

@@ -362,7 +362,7 @@ static void checkAEADParemeter(SimpleTest test, int keySize, int ivSize, final i
         }
         len += cipher.doFinal(plaintext1, len);
 
-        test.testException("Invalid value for MAC size: ", "IllegalArgumentException", new TestExceptionOperation()
+        test.testException("MAC size", "IllegalArgumentException", new TestExceptionOperation()
         {
             @Override
             public void operation()