author | David Hook <dgh@cryptoworkshop.com> | 2014-06-21 08:25:51 +0400 |
committer | David Hook <dgh@cryptoworkshop.com> | 2014-06-21 08:25:51 +0400 |
commit | ced5721f840a6d816c81ff9f90cb9cca2efcd427 (patch) | |
tree | be4a8b640cbd82bf8c5273a6a3cba61a2d7e6553 | |
parent | 440199f57f9b1c49a3c8b5885745886c53daa22f (diff) | |
parent | 98dddf1380e0118cbb5969773d9fe884fda9af79 (diff) |
Merge remote-tracking branch 'origin/master'
7 files changed, 30 insertions, 8 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java b/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
index 89a0f7e1..b34f9ea5 100644
--- a/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
+++ b/core/src/main/java/org/bouncycastle/crypto/macs/GMac.java
@@ -40,7 +40,8 @@ public class GMac implements Mac
 * Creates a GMAC based on the operation of a 128 bit block cipher in GCM mode.
 *
 * @param macSizeBits
- * the mac size to generate, in bits. Must be a multiple of 8 and >= 96 and <= 128.
+ * the mac size to generate, in bits. Must be a multiple of 8 and >= 32 and <= 128.
+ * Sizes less than 96 are not recommended, but are supported for specialized applications.
 * @param cipher
 * the cipher to be used in GCM mode to generate the MAC.
 */
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
index 4094dc59..0d458c46 100644
--- a/core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
+++ b/core/src/main/java/org/bouncycastle/crypto/modes/GCMBlockCipher.java
@@ -82,6 +82,10 @@ public class GCMBlockCipher
 return cipher.getAlgorithmName() + "/GCM";
 }
 
+ /**
+ * NOTE: MAC sizes from 32 bits to 128 bits (must be a multiple of 8) are supported. The default is 128 bits.
+ * Sizes less than 96 are not recommended, but are supported for specialized applications.
+ */
 public void init(boolean forEncryption, CipherParameters params)
 throws IllegalArgumentException
 {
@@ -98,7 +102,7 @@ public class GCMBlockCipher
 initialAssociatedText = param.getAssociatedText();
 int macSizeBits = param.getMacSize();
 
- if (macSizeBits < 96 || macSizeBits > 128 || macSizeBits % 8 != 0)
+ if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)
 {
 throw new IllegalArgumentException("Invalid value for MAC size: " + macSizeBits);
 }
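Review bot: The relaxed check `if (macSizeBits < 32 || macSizeBits > 128 || macSizeBits % 8 != 0)` in the `@@ -98,7 +102,7 @@` hunk accepts 32- and 64-bit tags with no accompanying limit, and neither the new javadoc on `init` (hunk `@@ -82,6 +82,10 @@`) nor the GMac constructor javadoc (the first hunk) says what a "specialized application" has to do to use them safely. NIST SP 800-38D makes tags shorter than 96 bits conditional on bounds for the maximum combined input length and the number of invocations per key (its Appendix C), and nothing in this diff enforces such bounds, so they appear to fall to the caller. I would extend both comments with: `Tag sizes below 96 bits are only acceptable under the input-length and invocation-count limits of NIST SP 800-38D, Appendix C; callers are responsible for enforcing them.` The body of `init` continues outside the hunk, so whether a limit is applied further down cannot be confirmed from this diff.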
@@ -128,9 +132,7 @@ public class GCMBlockCipher
 throw new IllegalArgumentException("IV must be at least 1 byte");
 }
 
- // TODO This should be configurable by init parameters
- // (but must be 16 if nonce length not 12) (BLOCK_SIZE?)
-// this.tagLength = 16;
+ // TODO Restrict macSize to 16 if nonce length not 12?
 
 // Cipher always used in forward mode
 // if keyParam is null we're reusing the last key.
@@ -389,7 +391,6 @@ public class GCMBlockCipher
 gHASHBlock(S, X);
 
- // TODO Fix this if tagLength becomes configurable
 // T = MSBt(GCTRk(J0,S))
 byte[] tag = new byte[BLOCK_SIZE];
 cipher.processBlock(J0, 0, tag, 0);
diff --git a/core/src/main/javadoc/org/bouncycastle/math/custom/djb/package.html b/core/src/main/javadoc/org/bouncycastle/math/custom/djb/package.html
new file mode 100644
index 00000000..344418b9
--- /dev/null
+++ b/core/src/main/javadoc/org/bouncycastle/math/custom/djb/package.html
@@ -0,0 +1,7 @@
+<html>
+<body bgcolor="#ffffff">
+Experimental implementation of curve25519. Note that the curve implementation is in the short-Weierstrass form,
+which is not the recommended (nor most suitable) approach. In particular, the input/output conventions are not
+compliant with standard implementations, and point conversions would be needed to interoperate.
+</body>
+</html>
diff --git a/core/src/main/javadoc/org/bouncycastle/math/custom/sec/package.html b/core/src/main/javadoc/org/bouncycastle/math/custom/sec/package.html
new file mode 100644
index 00000000..bb2845c3
--- /dev/null
+++ b/core/src/main/javadoc/org/bouncycastle/math/custom/sec/package.html
@@ -0,0 +1,6 @@
+<html>
+<body bgcolor="#ffffff">
+Custom implementations of (most of) the curves over Fp from the SEC specification. Uses the new "raw" math classes
+in place of BigInteger, and includes customized modular reductions taking advantage of the special forms of the primes.
+</body>
+</html>
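Review bot: The replacement comment `// TODO Restrict macSize to 16 if nonce length not 12?` in the `@@ -128,9 +132,7 @@` hunk keeps the removed comment's premise that the tag length depends on the IV length, and I cannot find that constraint in SP 800-38D, where the tag length and the IV length are chosen independently and only the derivation of J0 differs for IVs that are not 96 bits. Either cite where the restriction comes from or reword it so nobody later enforces a non-standard coupling, e.g. `// TODO Confirm against SP 800-38D whether macSize needs any restriction for IV lengths other than 12 bytes; none is currently applied.` The enclosing body of `init` starts and ends outside the hunk.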
diff --git a/core/src/main/javadoc/org/bouncycastle/math/raw/package.html b/core/src/main/javadoc/org/bouncycastle/math/raw/package.html
new file mode 100644
index 00000000..061958b7
--- /dev/null
+++ b/core/src/main/javadoc/org/bouncycastle/math/raw/package.html
@@ -0,0 +1,5 @@
+<html>
+<body bgcolor="#ffffff">
+Math support for raw multi-precision calculations.
+</body>
+</html>
diff --git a/docs/releasenotes.html b/docs/releasenotes.html
index 04899a60..7d1febd9 100644
--- a/docs/releasenotes.html
+++ b/docs/releasenotes.html
@@ -38,6 +38,8 @@ Release 1.51
 <li>Support has been add for RFC5649 key wrapping using AES.</li>
 <li>The PGP API now allows access and handling of User IDs as raw byte arrays, to deal with keyrings not using UTF-8.</li>
 <li>The PGP API now provides automatic conversion of embedded signatures in signature sub-packet vectors.</li>
+<li>GCM and GMAC now support tag lengths down to 32 bits.</li>
+<li>Custom implementations for many of the SEC Fp curves have been added, resulting in drastically improved performance. The current list includes all secp***k1 and secp***r1 curves from 192 to 521 bits. They can be accessed via the org.bouncycastle.crypto.ec.CustomNamedCurves class and are generally selected by other internal APIs in place of the generic implementations.</li>
 </ul>
 <h3>2.1.4 Notes</h3>
 <ul>
diff --git a/docs/specifications.html b/docs/specifications.html
index 0deaa595..89582ab0 100644
--- a/docs/specifications.html
+++ b/docs/specifications.html
@@ -317,7 +317,7 @@ implementations
 <tr><td><b>CBCBlockCipherMac</b></td><td>blocksize/2 unless specified</td><td> </td></tr>
 <tr><td><b>CFBBlockCipherMac</b></td><td>blocksize/2, in CFB 8 mode, unless specified</td><td> </td></tr>
 <tr><td><b>CMac</b></td><td>24 to 128 bits</td><td>Usable with block ciphers, NIST SP 800-38B.</td></tr>
-<tr><td><b>GMac</b></td><td>96 to 128 bits</td><td>Usable with GCM mode ciphers, defined for AES, NIST SP 800-38D.</td></tr>
+<tr><td><b>GMac</b></td><td>32 to 128 bits</td><td>Usable with GCM mode ciphers, defined for AES, NIST SP 800-38D.</td></tr>
 <tr><td><b>GOST28147Mac</b></td><td>32 bits</td><td> </td></tr>
 <tr><td><b>ISO9797Alg3Mac</b></td><td>multiple of 8 bits up to underlying cipher size.</td><td> </td></tr>
 <tr><td><b>HMac</b></td><td>digest length</td><td> </td></tr>
@@ -699,7 +699,7 @@ change as the draft is finalised.
 <table cellpadding=5 cellspacing=0 border=1 width=80%>
 <tr><th>Name</th><th>Output (in bits)</th><th>Notes</th></tr>
 <tr><td>Any MAC based on a block cipher, CBC (the default) and CFB modes.</td><td>half the cipher's block size (usually 32 bits)</td><td> </td></tr>
-<tr><td>*-GMAC</td><td>96 to 128 bits</td><td>Usable with GCM mode ciphers, defined for AES, NIST SP 800-38D. e.g. AES-GMAC.</td></tr>
+<tr><td>*-GMAC</td><td>32 to 128 bits</td><td>Usable with GCM mode ciphers, defined for AES, NIST SP 800-38D. e.g. AES-GMAC.</td></tr>
 <tr><td>VMPC-MAC</td><td>128</td><td> </td></tr>
 <tr><td>HMac-MD2</td><td>128</td><td> </td></tr>
 <tr><td>HMac-MD4</td><td>128</td><td> </td></tr> |