
Commit 413b42f

committed
added better support for DH domain parameters
added s-box allocation to AESEngine; reduced use of AESFastEngine.
1 parent 1127131 commit 413b42f


8 files changed

+288
-136
lines changed


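--- a/core/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
+++ b/core/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
@@ -5,6 +5,7 @@
 import org.bouncycastle.crypto.DataLengthException;
 import org.bouncycastle.crypto.OutputLengthException;
 import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Pack;
 
 /**
@@ -415,6 +416,8 @@ private int[][] generateWorkingKey(byte[] key, boolean forEncryption)
 private int C0, C1, C2, C3;
 private boolean forEncryption;
 
+private byte[] s;
+
 private static final int BLOCK_SIZE = 16;
 
 /**
@@ -440,6 +443,14 @@ public void init(
 {
 WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption);
 this.forEncryption = forEncryption;
+if (forEncryption)
+{
+s = Arrays.clone(S);
+}
+else
+{
+s = Arrays.clone(Si);
+}
 return;
 }
 
@@ -578,10 +589,10 @@ private void encryptBlock(int[][] KW)
 
 // the final round's table is a simple function of S so we don't use a whole other four tables for it
 
-this.C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
-this.C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
-this.C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
-this.C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
+this.C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((s[(r2>>16)&255]&255)<<16) ^ (s[(r3>>24)&255]<<24) ^ KW[r][0];
+this.C1 = (s[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (s[(r0>>24)&255]<<24) ^ KW[r][1];
+this.C2 = (s[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
+this.C3 = (s[r3&255]&255) ^ ((s[(r0>>8)&255]&255)<<8) ^ ((s[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
 }
 
 private void decryptBlock(int[][] KW)
@@ -610,9 +621,9 @@ private void decryptBlock(int[][] KW)
 
 // the final round's table is a simple function of Si so we don't use a whole other four tables for it
 
-this.C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
-this.C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
-this.C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
-this.C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
+this.C0 = (Si[r0&255]&255) ^ ((s[(r3>>8)&255]&255)<<8) ^ ((s[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
+this.C1 = (s[r1&255]&255) ^ ((s[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (s[(r2>>24)&255]<<24) ^ KW[0][1];
+this.C2 = (s[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (s[(r3>>24)&255]<<24) ^ KW[0][2];
+this.C3 = (Si[r3&255]&255) ^ ((s[(r2>>8)&255]&255)<<8) ^ ((s[(r1>>16)&255]&255)<<16) ^ (s[(r0>>24)&255]<<24) ^ KW[0][3];
 }
 }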
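Review bot: The rewritten final-round lines in encryptBlock and decryptBlock read some bytes from the shared static tables `S`/`Si` and others from the per-instance clone `s`, in no regular pattern, and nothing in the file says why. Because init() sets `s` to a clone of the same table the output is unchanged, so a later cleanup could easily fold the lines back onto one table. If the split is meant to spread final-round lookups over two copies to blur cache-access patterns (presumably the purpose), put that next to the existing comment, e.g. `// lookups are deliberately split between the static table and the per-instance copy s; do not merge`. The class Javadoc should also say that the lookups remain key- and data-dependent, so this reduces rather than removes table-access leakage. Both method bodies and init() begin outside the hunks shown.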

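--- a/core/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java
+++ b/core/src/main/java/org/bouncycastle/crypto/params/DHPublicKeyParameters.java
@@ -26,6 +26,12 @@ private BigInteger validate(BigInteger y, DHParameters dhParams)
 throw new NullPointerException("y value cannot be null");
 }
 
+// TLS check
+if (y.compareTo(TWO) < 0 || y.compareTo(dhParams.getP().subtract(TWO)) > 0)
+{
+throw new IllegalArgumentException("invalid DH public key");
+}
+
 if (dhParams.getQ() != null)
 {
 if (ONE.equals(y.modPow(dhParams.getQ(), dhParams.getP())))
@@ -37,12 +43,6 @@ private BigInteger validate(BigInteger y, DHParameters dhParams)
 }
 else
 {
-// TLS check
-if (y.compareTo(TWO) < 0 || y.compareTo(dhParams.getP().subtract(TWO)) > 0)
-{
-throw new IllegalArgumentException("invalid DH public key");
-}
-
 return y; // we can't validate without Q.
 }
 }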
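Review bot: The range test that now runs ahead of the `getQ()` branch still carries the comment `// TLS check`, which no longer describes it, since it is applied to every key whether or not Q is present. Suggest replacing it with `// reject y outside [2, p-2]: 0, 1 and p-1 give a predictable shared secret`. The trailing `// we can't validate without Q.` would be clearer as `// only the range was checked; subgroup membership cannot be verified without Q`, so callers do not assume more was verified on that path. validate() begins above the first hunk.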

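--- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java
+++ b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/BCDHPublicKey.java
@@ -16,10 +16,12 @@
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
-import org.bouncycastle.asn1.x9.DHDomainParameters;
 import org.bouncycastle.asn1.x9.DomainParameters;
+import org.bouncycastle.asn1.x9.ValidationParams;
 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.crypto.params.DHValidationParameters;
 import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;
 
 public class BCDHPublicKey
@@ -29,6 +31,7 @@ public class BCDHPublicKey
 
 private BigInteger y;
 
+private transient DHPublicKeyParameters dhPublicKey;
 private transient DHParameterSpec dhSpec;
 private transient SubjectPublicKeyInfo info;
 
@@ -37,20 +40,23 @@ public class BCDHPublicKey
 {
 this.y = spec.getY();
 this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG());
+this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(spec.getP(), spec.getG()));
 }
 
 BCDHPublicKey(
 DHPublicKey key)
 {
 this.y = key.getY();
 this.dhSpec = key.getParams();
+this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));
 }
 
 BCDHPublicKey(
 DHPublicKeyParameters params)
 {
 this.y = params.getY();
 this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL());
+this.dhPublicKey = params;
 }
 
 BCDHPublicKey(
@@ -59,6 +65,7 @@ public class BCDHPublicKey
 {
 this.y = y;
 this.dhSpec = dhSpec;
+this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));
 }
 
 public BCDHPublicKey(
@@ -94,12 +101,23 @@ public BCDHPublicKey(
 {
 this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
 }
+this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));
 }
 else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
 {
 DomainParameters params = DomainParameters.getInstance(seq);
 
 this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
+ValidationParams validationParams = params.getValidationParams();
+if (validationParams != null)
+{
+this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(params.getP(), params.getG(), params.getQ(), params.getJ(),
+new DHValidationParameters(validationParams.getSeed(), validationParams.getPgenCounter().intValue())));
+}
+else
+{
+this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(params.getP(), params.getG(), params.getQ(), params.getJ(), null));
+}
 }
 else
 {
@@ -137,6 +155,11 @@ public BigInteger getY()
 return y;
 }
 
+public DHPublicKeyParameters engineGetKeyParameters()
+{
+return dhPublicKey;
+}
+
 private boolean isPKCSParam(ASN1Sequence seq)
 {
 if (seq.size() == 2)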
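Review bot: `dhPublicKey` is declared `transient` and is assigned only in the constructors, so unless `readObject` (not part of this diff) rebuilds it, a key restored through Java serialization will return null from `engineGetKeyParameters()`. The new fast path in DHUtil.generatePublicKeyParameter returns that value directly, so the failure would likely surface later as a NullPointerException rather than as an InvalidKeyException. Either rebuild the field on deserialization with `this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));` or construct it lazily in the getter. Every constructor now also builds a DHPublicKeyParameters, which appears to run validate(), so the SubjectPublicKeyInfo constructor can throw IllegalArgumentException on an out-of-range y. Its callers are outside these hunks and may need the same translation KeyFactorySpi adds for DHPublicKeySpec.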

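--- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java
+++ b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/dh/KeyFactorySpi.java
@@ -82,7 +82,14 @@ protected PublicKey engineGeneratePublic(
 {
 if (keySpec instanceof DHPublicKeySpec)
 {
-return new BCDHPublicKey((DHPublicKeySpec)keySpec);
+try
+{
+return new BCDHPublicKey((DHPublicKeySpec)keySpec);
+}
+catch (IllegalArgumentException e)
+{
+throw new InvalidKeySpecException(e.getMessage(), e);
+}
 }
 
 return super.engineGeneratePublic(keySpec);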
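Review bot: The new catch translates only IllegalArgumentException, but the validate() hunk in DHPublicKeyParameters also shows `throw new NullPointerException("y value cannot be null")`, so a DHPublicKeySpec with a null y would presumably still leave engineGeneratePublic as an unchecked exception. Rejecting it before construction keeps the checked-exception contract: `if (((DHPublicKeySpec)keySpec).getY() == null) throw new InvalidKeySpecException("y value cannot be null");`. A short comment on the try block stating that the BCDHPublicKey constructor now validates y would also explain why the wrapper exists. engineGeneratePublic begins above the hunk.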

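--- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
+++ b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/ec/IESCipher.java
@@ -24,7 +24,7 @@
 import org.bouncycastle.crypto.KeyEncoder;
 import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
 import org.bouncycastle.crypto.digests.SHA1Digest;
-import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESEngine;
 import org.bouncycastle.crypto.engines.DESedeEngine;
 import org.bouncycastle.crypto.engines.IESEngine;
 import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
@@ -538,7 +538,7 @@ static public class ECIESwithAESCBC
 {
 public ECIESwithAESCBC()
 {
-super(new CBCBlockCipher(new AESFastEngine()), 16);
+super(new CBCBlockCipher(new AESEngine()), 16);
 }
 }
 }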

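--- a/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java
+++ b/prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/util/DHUtil.java
@@ -11,6 +11,7 @@
 import org.bouncycastle.crypto.params.DHParameters;
 import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
 import org.bouncycastle.crypto.params.DHPublicKeyParameters;
+import org.bouncycastle.jcajce.provider.asymmetric.dh.BCDHPublicKey;
 
 /**
 * utility class for converting jce/jca DH objects
@@ -22,6 +23,10 @@ static public AsymmetricKeyParameter generatePublicKeyParameter(
 PublicKey key)
 throws InvalidKeyException
 {
+if (key instanceof BCDHPublicKey)
+{
+return ((BCDHPublicKey)key).engineGetKeyParameters();
+}
 if (key instanceof DHPublicKey)
 {
 DHPublicKey k = (DHPublicKey)key;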
