diff options
| author | Tim Whittington <bc@whittington.net.nz> | 2014-03-06 00:01:50 +0400 |
|---|---|---|
| committer | Tim Whittington <bc@whittington.net.nz> | 2014-03-10 12:27:39 +0400 |
| commit | 089aec1b5ddcbd904ac057652c43c6f5b89d952d (patch) | |
| tree | 414f54ed84023bf47911fec79b945239e5b634aa /core/src/main/java/org | |
| parent | 7b2a25f8da879f8738d13cd302ed5e9ec2d62e07 (diff) | |
Add tests for output and update-output size calculation for AEAD ciphers and make all implementations consistent.
Modified buffering in EAXBlockCipher to blockSize + macLength (instead of blockSize * 2) to align it with the OCB/GCM/CCM implementations and its own update-output size calculations (which often overestimated by a block size).
As a side-effect this reduces data copying a bit.
Diffstat (limited to 'core/src/main/java/org')
| -rw-r--r-- | core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java b/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java index 8f740006..fbfe3727 100644 --- a/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java +++ b/core/src/main/java/org/bouncycastle/crypto/modes/EAXBlockCipher.java @@ -11,16 +11,16 @@ import org.bouncycastle.crypto.params.ParametersWithIV; import org.bouncycastle.util.Arrays; /** - * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and + * A Two-Pass Authenticated-Encryption Scheme Optimized for Simplicity and * Efficiency - by M. Bellare, P. Rogaway, D. Wagner. - * + * * http://www.cs.ucdavis.edu/~rogaway/papers/eax.pdf - * - * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block - * cipher to encrypt and authenticate data. It's on-line (the length of a + * + * EAX is an AEAD scheme based on CTR and OMAC1/CMAC, that uses a single block + * cipher to encrypt and authenticate data. It's on-line (the length of a * message isn't needed to begin processing it), has good performances, it's * simple and provably secure (provided the underlying block cipher is secure). - * + * * Of course, this implementations is NOT thread-safe. */ public class EAXBlockCipher @@ -43,7 +43,7 @@ public class EAXBlockCipher private byte[] nonceMac; private byte[] associatedTextMac; private byte[] macBlock; - + private int macSize; private byte[] bufBlock; private int bufOff; @@ -61,7 +61,6 @@ public class EAXBlockCipher blockSize = cipher.getBlockSize(); mac = new CMac(cipher); macBlock = new byte[blockSize]; - bufBlock = new byte[blockSize * 2]; associatedTextMac = new byte[mac.getMacSize()]; nonceMac = new byte[mac.getMacSize()]; this.cipher = new SICBlockCipher(cipher); @@ -113,6 +112,8 @@ public class EAXBlockCipher throw new IllegalArgumentException("invalid parameters passed to EAX"); } + bufBlock = new byte[forEncryption ? blockSize : (blockSize + macSize)]; + byte[] tag = new byte[blockSize]; // Key reuse implemented in CBC mode of underlying CMac @@ -123,9 +124,9 @@ public class EAXBlockCipher mac.update(nonce, 0, nonce.length); mac.doFinal(nonceMac, 0); - // Same BlockCipher underlies this and the mac, so reuse last key on cipher + // Same BlockCipher underlies this and the mac, so reuse last key on cipher cipher.init(true, new ParametersWithIV(null, nonceMac)); - + reset(); } @@ -245,7 +246,6 @@ public class EAXBlockCipher throw new DataLengthException("Output buffer too short"); } cipher.processBlock(bufBlock, 0, tmp, 0); - cipher.processBlock(bufBlock, blockSize, tmp, blockSize); System.arraycopy(tmp, 0, out, outOff, extra); @@ -270,7 +270,6 @@ public class EAXBlockCipher mac.update(bufBlock, 0, extra - macSize); cipher.processBlock(bufBlock, 0, tmp, 0); - cipher.processBlock(bufBlock, blockSize, tmp, blockSize); System.arraycopy(tmp, 0, out, outOff, extra - macSize); } @@ -347,8 +346,12 @@ public class EAXBlockCipher size = cipher.processBlock(bufBlock, 0, out, outOff); } - bufOff = blockSize; - System.arraycopy(bufBlock, blockSize, bufBlock, 0, blockSize); + bufOff = 0; + if (!forEncryption) + { + System.arraycopy(bufBlock, blockSize, bufBlock, 0, macSize); + bufOff = macSize; + } return size; } |