added better support for DH domain parameters
added s box allocation to AESEngine
reduced use of AESFastEngine.
dghgit committed Oct 31, 2016
1 parent 1127131 commit 413b42f
Showing 8 changed files with 288 additions and 136 deletions.
27 changes: 19 additions & 8 deletions core/src/main/java/org/bouncycastle/crypto/engines/AESEngine.java
Expand Up @@ -5,6 +5,7 @@
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.OutputLengthException;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;

/**
Expand Down Expand Up @@ -415,6 +416,8 @@ private int[][] generateWorkingKey(byte[] key, boolean forEncryption)
private int C0, C1, C2, C3;
private boolean forEncryption;

private byte[] s;

private static final int BLOCK_SIZE = 16;

/**
Expand All @@ -440,6 +443,14 @@ public void init(
{
WorkingKey = generateWorkingKey(((KeyParameter)params).getKey(), forEncryption);
this.forEncryption = forEncryption;
if (forEncryption)
{
s = Arrays.clone(S);
}
else
{
s = Arrays.clone(Si);
}
return;
}

Expand Down Expand Up @@ -578,10 +589,10 @@ private void encryptBlock(int[][] KW)

// the final round's table is a simple function of S so we don't use a whole other four tables for it

this.C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((S[(r2>>16)&255]&255)<<16) ^ (S[(r3>>24)&255]<<24) ^ KW[r][0];
this.C1 = (S[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (S[(r0>>24)&255]<<24) ^ KW[r][1];
this.C2 = (S[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
this.C3 = (S[r3&255]&255) ^ ((S[(r0>>8)&255]&255)<<8) ^ ((S[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
this.C0 = (S[r0&255]&255) ^ ((S[(r1>>8)&255]&255)<<8) ^ ((s[(r2>>16)&255]&255)<<16) ^ (s[(r3>>24)&255]<<24) ^ KW[r][0];
this.C1 = (s[r1&255]&255) ^ ((S[(r2>>8)&255]&255)<<8) ^ ((S[(r3>>16)&255]&255)<<16) ^ (s[(r0>>24)&255]<<24) ^ KW[r][1];
this.C2 = (s[r2&255]&255) ^ ((S[(r3>>8)&255]&255)<<8) ^ ((S[(r0>>16)&255]&255)<<16) ^ (S[(r1>>24)&255]<<24) ^ KW[r][2];
this.C3 = (s[r3&255]&255) ^ ((s[(r0>>8)&255]&255)<<8) ^ ((s[(r1>>16)&255]&255)<<16) ^ (S[(r2>>24)&255]<<24) ^ KW[r][3];
}

private void decryptBlock(int[][] KW)
Expand Down Expand Up @@ -610,9 +621,9 @@ private void decryptBlock(int[][] KW)

// the final round's table is a simple function of Si so we don't use a whole other four tables for it

this.C0 = (Si[r0&255]&255) ^ ((Si[(r3>>8)&255]&255)<<8) ^ ((Si[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
this.C1 = (Si[r1&255]&255) ^ ((Si[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (Si[(r2>>24)&255]<<24) ^ KW[0][1];
this.C2 = (Si[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (Si[(r3>>24)&255]<<24) ^ KW[0][2];
this.C3 = (Si[r3&255]&255) ^ ((Si[(r2>>8)&255]&255)<<8) ^ ((Si[(r1>>16)&255]&255)<<16) ^ (Si[(r0>>24)&255]<<24) ^ KW[0][3];
this.C0 = (Si[r0&255]&255) ^ ((s[(r3>>8)&255]&255)<<8) ^ ((s[(r2>>16)&255]&255)<<16) ^ (Si[(r1>>24)&255]<<24) ^ KW[0][0];
this.C1 = (s[r1&255]&255) ^ ((s[(r0>>8)&255]&255)<<8) ^ ((Si[(r3>>16)&255]&255)<<16) ^ (s[(r2>>24)&255]<<24) ^ KW[0][1];
this.C2 = (s[r2&255]&255) ^ ((Si[(r1>>8)&255]&255)<<8) ^ ((Si[(r0>>16)&255]&255)<<16) ^ (s[(r3>>24)&255]<<24) ^ KW[0][2];
this.C3 = (Si[r3&255]&255) ^ ((s[(r2>>8)&255]&255)<<8) ^ ((s[(r1>>16)&255]&255)<<16) ^ (s[(r0>>24)&255]<<24) ^ KW[0][3];
}
}
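Review bot: The new per-instance table `s` (declared on the line `private byte[] s;`) carries no comment saying why a copy of the static S/Si table exists, nor why the final-round lines of encryptBlock and decryptBlock read from `s` in some positions and from `S`/`Si` in others (C0 reads S,S,s,s while C3 reads s,s,s,S), so a later cleanup is likely to fold everything back to the static table. The commit message only says "added s box allocation", so the intent — presumably spreading the final-round lookups over two table instances — should be confirmed with the author and recorded on the field, e.g. `// per-instance copy of S (encrypt) or Si (decrypt), cloned in init(); the final round deliberately reads from both this copy and the static table — do not merge`, with a one-line pointer at the first final-round line in each method. `s` is only assigned on the KeyParameter path of init(), so a block processed before init() would now fail with a NullPointerException in the final round unless the existing not-initialised guard in processBlock (outside this hunk) runs first — worth confirming. Both encryptBlock and decryptBlock begin outside the hunks shown.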
Expand Up @@ -26,6 +26,12 @@ private BigInteger validate(BigInteger y, DHParameters dhParams)
throw new NullPointerException("y value cannot be null");
}

// TLS check
if (y.compareTo(TWO) < 0 || y.compareTo(dhParams.getP().subtract(TWO)) > 0)
{
throw new IllegalArgumentException("invalid DH public key");
}

if (dhParams.getQ() != null)
{
if (ONE.equals(y.modPow(dhParams.getQ(), dhParams.getP())))
Expand All @@ -37,12 +43,6 @@ private BigInteger validate(BigInteger y, DHParameters dhParams)
}
else
{
// TLS check
if (y.compareTo(TWO) < 0 || y.compareTo(dhParams.getP().subtract(TWO)) > 0)
{
throw new IllegalArgumentException("invalid DH public key");
}

return y; // we can't validate without Q.
}
}
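Review bot: The relocated range check keeps the two-word comment `// TLS check`, which says neither what is rejected nor that the check now runs for every key rather than only when Q is absent; since the Q branch holds the only subgroup test, the split should be explicit: `// range check 1 < y < p-1 as in TLS: rejects 0, 1, p-1 and out-of-range values for every key; subgroup membership is only verified below when Q is known`. The `else` branch now contains only `return y; // we can't validate without Q.`, and that comment could say that without Q the key is accepted on the range check alone. validate() starts outside the hunk.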
Expand Up @@ -16,10 +16,12 @@
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x9.DHDomainParameters;
import org.bouncycastle.asn1.x9.DomainParameters;
import org.bouncycastle.asn1.x9.ValidationParams;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.crypto.params.DHValidationParameters;
import org.bouncycastle.jcajce.provider.asymmetric.util.KeyUtil;

public class BCDHPublicKey
Expand All @@ -29,6 +31,7 @@

private BigInteger y;

private transient DHPublicKeyParameters dhPublicKey;
private transient DHParameterSpec dhSpec;
private transient SubjectPublicKeyInfo info;

Expand All @@ -37,20 +40,23 @@
{
this.y = spec.getY();
this.dhSpec = new DHParameterSpec(spec.getP(), spec.getG());
this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(spec.getP(), spec.getG()));
}

BCDHPublicKey(
DHPublicKey key)
{
this.y = key.getY();
this.dhSpec = key.getParams();
this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));
}

BCDHPublicKey(
DHPublicKeyParameters params)
{
this.y = params.getY();
this.dhSpec = new DHParameterSpec(params.getParameters().getP(), params.getParameters().getG(), params.getParameters().getL());
this.dhPublicKey = params;
}

BCDHPublicKey(
Expand All @@ -59,6 +65,7 @@
{
this.y = y;
this.dhSpec = dhSpec;
this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));
}

public BCDHPublicKey(
Expand Down Expand Up @@ -94,12 +101,23 @@ public BCDHPublicKey(
{
this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
}
this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));
}
else if (id.equals(X9ObjectIdentifiers.dhpublicnumber))
{
DomainParameters params = DomainParameters.getInstance(seq);

this.dhSpec = new DHParameterSpec(params.getP(), params.getG());
ValidationParams validationParams = params.getValidationParams();
if (validationParams != null)
{
this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(params.getP(), params.getG(), params.getQ(), params.getJ(),
new DHValidationParameters(validationParams.getSeed(), validationParams.getPgenCounter().intValue())));
}
else
{
this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(params.getP(), params.getG(), params.getQ(), params.getJ(), null));
}
}
else
{
Expand Down Expand Up @@ -137,6 +155,11 @@ public BigInteger getY()
return y;
}

public DHPublicKeyParameters engineGetKeyParameters()
{
return dhPublicKey;
}

private boolean isPKCSParam(ASN1Sequence seq)
{
if (seq.size() == 2)
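Review bot: `dhPublicKey` is declared `transient` next to the already-transient `dhSpec` and `info`, so on a deserialized key it stays null unless a readObject method (outside the hunks shown, if the class has one) rebuilds it the way the constructors do; engineGetKeyParameters() would then return null, and the new BCDHPublicKey branch in DHUtil.generatePublicKeyParameter (also in this commit) hands that null back instead of falling through to the generic DHPublicKey path. Suggest giving readObject the same line the y/dhSpec constructor uses, `this.dhPublicKey = new DHPublicKeyParameters(y, new DHParameters(dhSpec.getP(), dhSpec.getG()));`, or having engineGetKeyParameters() build it lazily when the field is null. Two smaller points: the constructors taking a DHPublicKey or a DHParameterSpec build `new DHParameters(p, g)` and so drop the L that the spec carries, whereas the DHPublicKeyParameters constructor keeps `getL()` for dhSpec; and `validationParams.getPgenCounter().intValue()` narrows silently, which deserves a comment. The constructor taking a SubjectPublicKeyInfo starts and ends outside the hunk.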
Expand Up @@ -82,7 +82,14 @@ protected PublicKey engineGeneratePublic(
{
if (keySpec instanceof DHPublicKeySpec)
{
return new BCDHPublicKey((DHPublicKeySpec)keySpec);
try
{
return new BCDHPublicKey((DHPublicKeySpec)keySpec);
}
catch (IllegalArgumentException e)
{
throw new InvalidKeySpecException(e.getMessage(), e);
}
}

return super.engineGeneratePublic(keySpec);
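Review bot: The IllegalArgumentException wrapping covers only the DHPublicKeySpec branch; the `return super.engineGeneratePublic(keySpec);` on the last line of the hunk handles the encoded-spec case, and since every BCDHPublicKey constructor now builds a DHPublicKeyParameters (whose validation is tightened in this commit), that path can raise the same unchecked exception through a method whose contract is InvalidKeySpecException. It is worth confirming that the base implementation (outside this hunk) wraps unchecked exceptions too; if it does not, the same try/catch belongs around the super call. Other places that construct a BCDHPublicKey from a SubjectPublicKeyInfo, such as certificate parsing, will likewise see IllegalArgumentException at decode time for an out-of-range y, which the commit should at least mention. engineGeneratePublic starts outside the hunk.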
Expand Up @@ -24,7 +24,7 @@
import org.bouncycastle.crypto.KeyEncoder;
import org.bouncycastle.crypto.agreement.ECDHBasicAgreement;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.engines.AESFastEngine;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.IESEngine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
Expand Down Expand Up @@ -538,7 +538,7 @@ public ECIESwithDESedeCBC()
{
public ECIESwithAESCBC()
{
super(new CBCBlockCipher(new AESFastEngine()), 16);
super(new CBCBlockCipher(new AESEngine()), 16);
}
}
}
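Review bot: The swap from AESFastEngine to AESEngine on the ECIESwithAESCBC constructor line is silent in the code, so a reader optimizing later has no signal that it was deliberate (the commit message says only "reduced use of AESFastEngine"); suggest `// AESEngine rather than AESFastEngine is intentional, see commit 413b42f` on that line. If the motivation is the side-channel behaviour of the table-heavy fast engine, as the companion AESEngine change suggests, stating that in the comment after confirming with the author would stop the change being reverted for speed.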
Expand Up @@ -11,6 +11,7 @@
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.crypto.params.DHPrivateKeyParameters;
import org.bouncycastle.crypto.params.DHPublicKeyParameters;
import org.bouncycastle.jcajce.provider.asymmetric.dh.BCDHPublicKey;

/**
* utility class for converting jce/jca DH objects
Expand All @@ -22,6 +23,10 @@ static public AsymmetricKeyParameter generatePublicKeyParameter(
PublicKey key)
throws InvalidKeyException
{
if (key instanceof BCDHPublicKey)
{
return ((BCDHPublicKey)key).engineGetKeyParameters();
}
if (key instanceof DHPublicKey)
{
DHPublicKey k = (DHPublicKey)key;
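Review bot: The new `instanceof BCDHPublicKey` branch has no comment saying why it runs ahead of the generic DHPublicKey branch; the reason visible in the BCDHPublicKey changes is that the stored DHPublicKeyParameters can carry Q, J and validation parameters that a DHParameterSpec does not, so a comment such as `// a BC key keeps its full DHParameters (Q, J, validation params when encoded); the DHPublicKey path below presumably recovers only what the spec exposes` would record that. Importing the provider's dh package into this utility also reverses the direction BCDHPublicKey already depends on (it imports KeyUtil from the util package), which looks like a package cycle if DHUtil lives in the same util package as KeyUtil — worth checking. generatePublicKeyParameter continues past the end of the hunk.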
