From 886b607a7706fcb6bec5822dfeffbdd9abae0536 Mon Sep 17 00:00:00 2001 From: gnu_user Date: Thu, 26 Dec 2013 21:54:50 -0500 Subject: Added support to use a Nonce/IV for IESEngine --- .../org/bouncycastle/crypto/engines/IESEngine.java | 54 ++++- .../java/org/bouncycastle/crypto/params/Nonce.java | 249 +++++++++++++++++++++ 2 files changed, 301 insertions(+), 2 deletions(-) create mode 100644 core/src/main/java/org/bouncycastle/crypto/params/Nonce.java (limited to 'core/src/main/java/org') diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java index ea8556de..f3050425 100755 --- a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java @@ -18,6 +18,8 @@ import org.bouncycastle.crypto.params.IESParameters; import org.bouncycastle.crypto.params.IESWithCipherParameters; import org.bouncycastle.crypto.params.KDFParameters; import org.bouncycastle.crypto.params.KeyParameter; +import org.strippedcastle.crypto.params.Nonce; +import org.strippedcastle.crypto.params.ParametersWithIV; import org.bouncycastle.crypto.util.Pack; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.BigIntegers; @@ -87,6 +89,35 @@ public class IESEngine this.cipher = cipher; } + /** + * TODO PERHAPS MAKE A NONCE INTERFACE RATHER THAN USING CIPHERPARAMETERS + * WHICH DOES NOT ACTUALLY HAVE ANYTHING SPECIFIED IN THE INTERFACE. + * + * set up for use in conjunction with a block cipher mode of operating using + * a nonce/IV to handle the message. + * + * @param agree the key agreement used as the basis for the encryption + * @param kdf the key derivation function used for byte generation + * @param mac the message authentication code generator for the message + * @param cipher the cipher to used for encrypting the message + * @param nonce the nonce/IV used by the block cipher, currently the only + * supported block ciphers are SIC/CTR, CBC, OFB, and CFB. The nonce + * provided must be an instance of the Nonce class. + */ + public IESEngine( + BasicAgreement agree, + DerivationFunction kdf, + Mac mac, + BufferedBlockCipher cipher, + CipherParameters nonce) + { + this.agree = agree; + this.kdf = kdf; + this.mac = mac; + this.macBuf = new byte[mac.getMacSize()]; + this.cipher = cipher; + this.nonce = nonce; + } /** * Initialise the encryptor. @@ -198,7 +229,17 @@ public class IESEngine System.arraycopy(K, 0, K1, 0, K1.length); System.arraycopy(K, K1.length, K2, 0, K2.length); - cipher.init(true, new KeyParameter(K1)); + /* If nonce provided get an IV and initialize the cipher */ + if (nonce != null) + { + byte[] IV = ((Nonce)nonce).nextNonce(); + cipher.init(true, new ParametersWithIV(new KeyParameter(K1), IV)); + } + else + { + cipher.init(true, new KeyParameter(K1)); + } + C = new byte[cipher.getOutputSize(inLen)]; len = cipher.processBytes(in, inOff, inLen, C, 0); len += cipher.doFinal(C, len); @@ -287,7 +328,16 @@ public class IESEngine System.arraycopy(K, 0, K1, 0, K1.length); System.arraycopy(K, K1.length, K2, 0, K2.length); - cipher.init(false, new KeyParameter(K1)); + /* If nonce provided get an IV and initialize the cipher */ + if (nonce != null) + { + byte[] IV = ((Nonce)nonce).nextNonce(); + cipher.init(false, new ParametersWithIV(new KeyParameter(K1), IV)); + } + else + { + cipher.init(false, new KeyParameter(K1)); + } M = new byte[cipher.getOutputSize(inLen - V.length - mac.getMacSize())]; len = cipher.processBytes(in_enc, inOff + V.length, inLen - V.length - mac.getMacSize(), M, 0); diff --git a/core/src/main/java/org/bouncycastle/crypto/params/Nonce.java b/core/src/main/java/org/bouncycastle/crypto/params/Nonce.java new file mode 100644 index 00000000..63ff9dcd --- /dev/null +++ b/core/src/main/java/org/bouncycastle/crypto/params/Nonce.java @@ -0,0 +1,249 @@ +/** + * Copyright (C) 2013 Jonathan Gillett, Joseph Heron + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +package org.spongycastle.crypto.params; + +import java.util.Arrays; + +import org.strippedcastle.crypto.CipherParameters; +import org.strippedcastle.crypto.DataLengthException; +import org.strippedcastle.crypto.prng.RandomGenerator; +import org.strippedcastle.crypto.MaxBytesExceededException; + +import com.orwell.csprng.ISAACRandomGenerator; + + +/** + * Provides support for generating numbers used once (nonce) which can be used as + * IVs for block cipher modes of operation such as CBC or CTR. The class uses a + * deterministic CSPRNG such as ISAAC to generate pseudo-random nonces which can + * then be used as IVs. + * + * This class functions as an external iterator generating a unique nonce each + * time the next operation is performed. Additionally, this class can also be + * initialized to any prior state given that the deterministic CSPRNG is provided + * with the same seed value it had prior and the IV of the last state. + */ +public class Nonce implements CipherParameters +{ + /* CSPRNG and current nonce */ + private ISAACRandomGenerator csprng; + private byte[] nonce; + + /* The maximum number of nonces that can be generated before the CSPRNG needs + * to be re-seeded or a CSPRNG with a new seed must be used for the Nonce. + */ + private static final int MAXCYCLES = 100000; + private int cycle = 0; + + + /** + * Construct the nonce with a deterministic CSPRNG, at the moment only ISAAC + * engine is supported, but in the future other CSPRNG such as ISAAC+ will + * also be supported. + * + * Note, as the CSPRNG is deterministic if you have already used the CSPRNG and + * initialized the Nonce object with the same seed value to generate nonces + * previously, you must create this object using the last nonce state in order + * to prevent reusing nonces/IVs, which is a security vulnerability. + * + * @param csprng Deterministic CSPRNG, currently only ISAAC is supported + * @throws IllegalArgumentException if the CSPRNG is not ISAAC + */ + public Nonce(RandomGenerator csprng) + throws IllegalArgumentException + { + if (! (csprng instanceof ISAACRandomGenerator)) + { + throw new IllegalArgumentException("Invalid CSPRNG, at the moment ONLY ISAAC is supported!"); + } + + this.csprng = (ISAACRandomGenerator)csprng; + } + + + /** + * Construct the nonce with a deterministic CSPRNG, at the moment only ISAAC + * engine is supported, but in the future other CSPRNG such as ISAAC+ will + * also be supported. + * + * Note, as the CSPRNG is deterministic if you have already used the CSPRNG and + * initialized the Nonce object with the same seed value to generate nonces + * previously, you must create this object using the last nonce state in order + * to prevent reusing nonces/IVs, which is a security vulnerability. + * + * @param csprng Deterministic CSPRNG, currently only ISAAC is supported + * @param lastCycle The last cycle counter for the nonce generated during an previous + * state of the Nonce object given the current CSPRNG, providing the last cycle prevents + * security vulnerabilities of re-using nonce/IVs. + * + * @throws IllegalArgumentException if the CSPRNG is not ISAAC + */ + public Nonce(RandomGenerator csprng, int lastCycle) + throws IllegalArgumentException + { + if (! (csprng instanceof ISAACRandomGenerator)) + { + throw new IllegalArgumentException("Invalid CSPRNG, at the moment ONLY ISAAC is supported!"); + } + + if (lastCycle >= MAXCYCLES) + { + throw new IllegalArgumentException("Invalid last cycle, value exceeds maximum number of cycles!"); + } + + this.csprng = (ISAACRandomGenerator)csprng; + this.cycle = lastCycle; + } + + + /** + * Initialize the CSPRNG used by the nonce with the seed value provided so + * that it is deterministic in generating random data. + * + * Again, because the CSPRNG is deterministic if you have already used the + * CSPRNG and initialized the Nonce object with the same seed value to + * generate nonces previously, you must create this object using the last + * nonce state in order to prevent reusing nonces/IVs, which is a security + * vulnerability. + * + * Lastly, if you initialize this object with incorrect seed value needed + * to generate the last nonce state the CSPRNG will eventually exhaust + * generating random numbers when it reaches MAXCYCLES and throw an + * exception, this prevents having to deal with the halting problem, where + * the program will run indefinitely generating random data. + * + * You must execute nextNonce after initializing the object in order to + * generate a unique nonce value. + * + * @param seed The seed value for the CSPRNG, must be specified + * @param nonceLen The default length of the nonce to generate, 0 to use + * the length of the prior nonce value. Must be specified if Nonce was + * constructed without a prior nonce value. + * + * @throws MaxBytesExceededException If CSPRNG reaches MAXCYCLES trying to + * return to the initial Nonce state, usually when the seed data provided is + * different than the previous seed data used to generate the last nonce state + * + * @throws DataLengthException If the nonceLength was not provided and the object + * was not instantiated with the prior nonce value of the last state. + */ + public void init(byte[] seed, int nonceLen) + throws MaxBytesExceededException, DataLengthException + { + if (nonce == null && nonceLen == 0) + { + throw new DataLengthException("You must provide a nonce length if no prior " + + "nonce value was given to the constructor!"); + } + + /* Initialize CSPRNG */ + csprng.init(seed); + + /* Construct a new empty nonce of the size specified*/ + nonce = new byte[nonceLen]; + + /* Prior nonce state cycle specified, initialize nonce to last state */ + if (cycle != 0) + { + byte[] curNonce = new byte[nonce.length]; + + for (int i = 1; i <= MAXCYCLES; ++i) + { + csprng.nextBytes(curNonce); + + if (cycle == i) + { + System.arraycopy(curNonce, 0, nonce, 0, curNonce.length); + break; + } + } + + /* Exception thrown if MAXCYCLES reached */ + if (cycle == MAXCYCLES) + { + throw new MaxBytesExceededException("Max cycles reached trying to return" + + "nonce to previous state!"); + } + } + } + + + /** + * Generates the next nonce and returns it + * + * @return The nonce + */ + public byte[] nextNonce() + { + nonce = new byte[nonce.length]; + csprng.nextBytes(nonce); + ++cycle; + return nonce; + } + + + /** + * Accesses the current nonce, you should always execute the nextNonce() + * method before accessing a nonce to ensure that a unique nonce has been + * generated. + * + * @return The nonce + */ + public byte[] getNonce() + { + return nonce; + } + + + /** + * Get the current cycle, this is the number of nonces that have been + * generated. This method is used to store the state of the generator + * to prevent IVs from being regenerated. + * + * @return The number of cycles, or nonces generated + */ + public int getCycle() + { + return cycle; + } + + + /** + * Re-seeds the CSPRNG with the seed value specified, if your are using + * this Nonce in a cryptographic system with more than one user/system + * all systems must re-seed at the same state with the same seed value + * in order to have the same sequence of nonces. Furthermore, if you + * re-create this Nonce object, you must initialize the object with + * this seed value to return to this state! + * + * @param seed The seed value for the CSPRNG, must be specified + */ + public void reSeed(byte[] seed) + { + csprng.addSeedMaterial(seed); + } + + + /** + * Resets the CSPRNG used by the None, after resetting the CSPRNG you must + * either re-initialize or re-seed it. + */ + public void reset() + { + csprng.reset(); + } +} -- cgit v1.2.3 From c5f193ee682048d7464347c24cd8876ffcbc62cb Mon Sep 17 00:00:00 2001 From: gnu_user Date: Thu, 26 Dec 2013 22:37:42 -0500 Subject: Fixed a bug, added error handling for message < MAC size --- core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'core/src/main/java/org') diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java index f3050425..bc03cdd3 100755 --- a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java @@ -35,6 +35,7 @@ public class IESEngine DerivationFunction kdf; Mac mac; BufferedBlockCipher cipher; + CipherParameters nonce; byte[] macBuf; boolean forEncryption; @@ -288,6 +289,12 @@ public class IESEngine byte[] M = null, K = null, K1 = null, K2 = null; int len; + /* Ensure that the length of the input is greater than the MAC in bytes */ + if (inLen <= (macKeySize / 8)) + { + throw new InvalidCipherTextException("Length of input must be greater than the MAC"); + } + if (cipher == null) { // Streaming mode. -- cgit v1.2.3 From 5af742237893e28bf6ed6af6827742b565cface6 Mon Sep 17 00:00:00 2001 From: gnu_user Date: Thu, 26 Dec 2013 22:43:37 -0500 Subject: Fixed a small bug, needed to get MAC size from param member --- core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/src/main/java/org') diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java index bc03cdd3..bc0ccf5a 100755 --- a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java @@ -290,7 +290,7 @@ public class IESEngine int len; /* Ensure that the length of the input is greater than the MAC in bytes */ - if (inLen <= (macKeySize / 8)) + if (inLen <= (param.getMacKeySize() / 8)) { throw new InvalidCipherTextException("Length of input must be greater than the MAC"); } -- cgit v1.2.3 From 248775fc8b4559021714f7e1dcdc8e97e7e47d69 Mon Sep 17 00:00:00 2001 From: gnu_user Date: Sun, 29 Dec 2013 17:11:22 -0500 Subject: Updated IESEngine to reduce coupling with Nonce class The Nonce class and ISAACRandomGenerator are just too specific to the Orwell project and don't really belong in the Bouncy Castle library. Conflicts: core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java core/src/main/java/org/bouncycastle/crypto/params/Nonce.java --- .../org/bouncycastle/crypto/engines/IESEngine.java | 34 +-- .../java/org/bouncycastle/crypto/params/Nonce.java | 249 --------------------- 2 files changed, 17 insertions(+), 266 deletions(-) delete mode 100644 core/src/main/java/org/bouncycastle/crypto/params/Nonce.java (limited to 'core/src/main/java/org') diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java index bc0ccf5a..5f059527 100755 --- a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java @@ -18,8 +18,8 @@ import org.bouncycastle.crypto.params.IESParameters; import org.bouncycastle.crypto.params.IESWithCipherParameters; import org.bouncycastle.crypto.params.KDFParameters; import org.bouncycastle.crypto.params.KeyParameter; -import org.strippedcastle.crypto.params.Nonce; -import org.strippedcastle.crypto.params.ParametersWithIV; +import org.bouncycastle.crypto.params.ParametersWithIV; +import org.bouncycastle.crypto.prng.RandomGenerator; import org.bouncycastle.crypto.util.Pack; import org.bouncycastle.util.Arrays; import org.bouncycastle.util.BigIntegers; @@ -35,7 +35,7 @@ public class IESEngine DerivationFunction kdf; Mac mac; BufferedBlockCipher cipher; - CipherParameters nonce; + RandomGenerator nonceGenerator; byte[] macBuf; boolean forEncryption; @@ -91,9 +91,6 @@ public class IESEngine } /** - * TODO PERHAPS MAKE A NONCE INTERFACE RATHER THAN USING CIPHERPARAMETERS - * WHICH DOES NOT ACTUALLY HAVE ANYTHING SPECIFIED IN THE INTERFACE. - * * set up for use in conjunction with a block cipher mode of operating using * a nonce/IV to handle the message. * @@ -101,23 +98,22 @@ public class IESEngine * @param kdf the key derivation function used for byte generation * @param mac the message authentication code generator for the message * @param cipher the cipher to used for encrypting the message - * @param nonce the nonce/IV used by the block cipher, currently the only - * supported block ciphers are SIC/CTR, CBC, OFB, and CFB. The nonce - * provided must be an instance of the Nonce class. + * @param nonceGenerator the random generator that produces IVs used by the + * block cipher, must be initialized. */ public IESEngine( BasicAgreement agree, DerivationFunction kdf, Mac mac, BufferedBlockCipher cipher, - CipherParameters nonce) + RandomGenerator nonceGenerator) { this.agree = agree; this.kdf = kdf; this.mac = mac; this.macBuf = new byte[mac.getMacSize()]; this.cipher = cipher; - this.nonce = nonce; + this.nonceGenerator = nonceGenerator; } /** @@ -230,10 +226,12 @@ public class IESEngine System.arraycopy(K, 0, K1, 0, K1.length); System.arraycopy(K, K1.length, K2, 0, K2.length); - /* If nonce provided get an IV and initialize the cipher */ - if (nonce != null) + // If nonceGenerator provided get an IV and initialize the cipher + if (nonceGenerator != null) { - byte[] IV = ((Nonce)nonce).nextNonce(); + byte[] IV = new byte[K1.length]; + + nonceGenerator.nextBytes(IV); cipher.init(true, new ParametersWithIV(new KeyParameter(K1), IV)); } else @@ -335,10 +333,12 @@ public class IESEngine System.arraycopy(K, 0, K1, 0, K1.length); System.arraycopy(K, K1.length, K2, 0, K2.length); - /* If nonce provided get an IV and initialize the cipher */ - if (nonce != null) + // If nonceGenerator provided get an IV and initialize the cipher + if (nonceGenerator != null) { - byte[] IV = ((Nonce)nonce).nextNonce(); + byte[] IV = new byte[K1.length]; + + nonceGenerator.nextBytes(IV); cipher.init(false, new ParametersWithIV(new KeyParameter(K1), IV)); } else diff --git a/core/src/main/java/org/bouncycastle/crypto/params/Nonce.java b/core/src/main/java/org/bouncycastle/crypto/params/Nonce.java deleted file mode 100644 index 63ff9dcd..00000000 --- a/core/src/main/java/org/bouncycastle/crypto/params/Nonce.java +++ /dev/null @@ -1,249 +0,0 @@ -/** - * Copyright (C) 2013 Jonathan Gillett, Joseph Heron - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -package org.spongycastle.crypto.params; - -import java.util.Arrays; - -import org.strippedcastle.crypto.CipherParameters; -import org.strippedcastle.crypto.DataLengthException; -import org.strippedcastle.crypto.prng.RandomGenerator; -import org.strippedcastle.crypto.MaxBytesExceededException; - -import com.orwell.csprng.ISAACRandomGenerator; - - -/** - * Provides support for generating numbers used once (nonce) which can be used as - * IVs for block cipher modes of operation such as CBC or CTR. The class uses a - * deterministic CSPRNG such as ISAAC to generate pseudo-random nonces which can - * then be used as IVs. - * - * This class functions as an external iterator generating a unique nonce each - * time the next operation is performed. Additionally, this class can also be - * initialized to any prior state given that the deterministic CSPRNG is provided - * with the same seed value it had prior and the IV of the last state. - */ -public class Nonce implements CipherParameters -{ - /* CSPRNG and current nonce */ - private ISAACRandomGenerator csprng; - private byte[] nonce; - - /* The maximum number of nonces that can be generated before the CSPRNG needs - * to be re-seeded or a CSPRNG with a new seed must be used for the Nonce. - */ - private static final int MAXCYCLES = 100000; - private int cycle = 0; - - - /** - * Construct the nonce with a deterministic CSPRNG, at the moment only ISAAC - * engine is supported, but in the future other CSPRNG such as ISAAC+ will - * also be supported. - * - * Note, as the CSPRNG is deterministic if you have already used the CSPRNG and - * initialized the Nonce object with the same seed value to generate nonces - * previously, you must create this object using the last nonce state in order - * to prevent reusing nonces/IVs, which is a security vulnerability. - * - * @param csprng Deterministic CSPRNG, currently only ISAAC is supported - * @throws IllegalArgumentException if the CSPRNG is not ISAAC - */ - public Nonce(RandomGenerator csprng) - throws IllegalArgumentException - { - if (! (csprng instanceof ISAACRandomGenerator)) - { - throw new IllegalArgumentException("Invalid CSPRNG, at the moment ONLY ISAAC is supported!"); - } - - this.csprng = (ISAACRandomGenerator)csprng; - } - - - /** - * Construct the nonce with a deterministic CSPRNG, at the moment only ISAAC - * engine is supported, but in the future other CSPRNG such as ISAAC+ will - * also be supported. - * - * Note, as the CSPRNG is deterministic if you have already used the CSPRNG and - * initialized the Nonce object with the same seed value to generate nonces - * previously, you must create this object using the last nonce state in order - * to prevent reusing nonces/IVs, which is a security vulnerability. - * - * @param csprng Deterministic CSPRNG, currently only ISAAC is supported - * @param lastCycle The last cycle counter for the nonce generated during an previous - * state of the Nonce object given the current CSPRNG, providing the last cycle prevents - * security vulnerabilities of re-using nonce/IVs. - * - * @throws IllegalArgumentException if the CSPRNG is not ISAAC - */ - public Nonce(RandomGenerator csprng, int lastCycle) - throws IllegalArgumentException - { - if (! (csprng instanceof ISAACRandomGenerator)) - { - throw new IllegalArgumentException("Invalid CSPRNG, at the moment ONLY ISAAC is supported!"); - } - - if (lastCycle >= MAXCYCLES) - { - throw new IllegalArgumentException("Invalid last cycle, value exceeds maximum number of cycles!"); - } - - this.csprng = (ISAACRandomGenerator)csprng; - this.cycle = lastCycle; - } - - - /** - * Initialize the CSPRNG used by the nonce with the seed value provided so - * that it is deterministic in generating random data. - * - * Again, because the CSPRNG is deterministic if you have already used the - * CSPRNG and initialized the Nonce object with the same seed value to - * generate nonces previously, you must create this object using the last - * nonce state in order to prevent reusing nonces/IVs, which is a security - * vulnerability. - * - * Lastly, if you initialize this object with incorrect seed value needed - * to generate the last nonce state the CSPRNG will eventually exhaust - * generating random numbers when it reaches MAXCYCLES and throw an - * exception, this prevents having to deal with the halting problem, where - * the program will run indefinitely generating random data. - * - * You must execute nextNonce after initializing the object in order to - * generate a unique nonce value. - * - * @param seed The seed value for the CSPRNG, must be specified - * @param nonceLen The default length of the nonce to generate, 0 to use - * the length of the prior nonce value. Must be specified if Nonce was - * constructed without a prior nonce value. - * - * @throws MaxBytesExceededException If CSPRNG reaches MAXCYCLES trying to - * return to the initial Nonce state, usually when the seed data provided is - * different than the previous seed data used to generate the last nonce state - * - * @throws DataLengthException If the nonceLength was not provided and the object - * was not instantiated with the prior nonce value of the last state. - */ - public void init(byte[] seed, int nonceLen) - throws MaxBytesExceededException, DataLengthException - { - if (nonce == null && nonceLen == 0) - { - throw new DataLengthException("You must provide a nonce length if no prior " + - "nonce value was given to the constructor!"); - } - - /* Initialize CSPRNG */ - csprng.init(seed); - - /* Construct a new empty nonce of the size specified*/ - nonce = new byte[nonceLen]; - - /* Prior nonce state cycle specified, initialize nonce to last state */ - if (cycle != 0) - { - byte[] curNonce = new byte[nonce.length]; - - for (int i = 1; i <= MAXCYCLES; ++i) - { - csprng.nextBytes(curNonce); - - if (cycle == i) - { - System.arraycopy(curNonce, 0, nonce, 0, curNonce.length); - break; - } - } - - /* Exception thrown if MAXCYCLES reached */ - if (cycle == MAXCYCLES) - { - throw new MaxBytesExceededException("Max cycles reached trying to return" + - "nonce to previous state!"); - } - } - } - - - /** - * Generates the next nonce and returns it - * - * @return The nonce - */ - public byte[] nextNonce() - { - nonce = new byte[nonce.length]; - csprng.nextBytes(nonce); - ++cycle; - return nonce; - } - - - /** - * Accesses the current nonce, you should always execute the nextNonce() - * method before accessing a nonce to ensure that a unique nonce has been - * generated. - * - * @return The nonce - */ - public byte[] getNonce() - { - return nonce; - } - - - /** - * Get the current cycle, this is the number of nonces that have been - * generated. This method is used to store the state of the generator - * to prevent IVs from being regenerated. - * - * @return The number of cycles, or nonces generated - */ - public int getCycle() - { - return cycle; - } - - - /** - * Re-seeds the CSPRNG with the seed value specified, if your are using - * this Nonce in a cryptographic system with more than one user/system - * all systems must re-seed at the same state with the same seed value - * in order to have the same sequence of nonces. Furthermore, if you - * re-create this Nonce object, you must initialize the object with - * this seed value to return to this state! - * - * @param seed The seed value for the CSPRNG, must be specified - */ - public void reSeed(byte[] seed) - { - csprng.addSeedMaterial(seed); - } - - - /** - * Resets the CSPRNG used by the None, after resetting the CSPRNG you must - * either re-initialize or re-seed it. - */ - public void reset() - { - csprng.reset(); - } -} -- cgit v1.2.3 From 00be54019023705d35c14ba4f0b30f5275527767 Mon Sep 17 00:00:00 2001 From: gnu_user Date: Wed, 29 Jan 2014 00:46:55 -0500 Subject: Cleaned up comments to match sytle --- core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'core/src/main/java/org') diff --git a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java index 5f059527..d146d832 100755 --- a/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java +++ b/core/src/main/java/org/bouncycastle/crypto/engines/IESEngine.java @@ -287,7 +287,7 @@ public class IESEngine byte[] M = null, K = null, K1 = null, K2 = null; int len; - /* Ensure that the length of the input is greater than the MAC in bytes */ + // Ensure that the length of the input is greater than the MAC in bytes if (inLen <= (param.getMacKeySize() / 8)) { throw new InvalidCipherTextException("Length of input must be greater than the MAC"); -- cgit v1.2.3