diff --git a/src/main/java/com/github/cfrg/aegis/Aegis128L.java b/src/main/java/com/github/cfrg/aegis/Aegis128L.java index b519e1d..5d9529f 100644 --- a/src/main/java/com/github/cfrg/aegis/Aegis128L.java +++ b/src/main/java/com/github/cfrg/aegis/Aegis128L.java @@ -83,36 +83,40 @@ public Aegis128L(final byte key[], final byte nonce[], final int tag_length) thr public AuthenticatedCiphertext encryptDetached(final byte msg[], final byte ad[]) { var ciphertext = new byte[msg.length]; var i = 0; - for (; i + 32 <= ad.length; i += 32) { - this.absorb(Arrays.copyOfRange(ad, i, i + 32)); - } - if (ad.length % 32 != 0) { - var pad = new byte[32]; - Arrays.fill(pad, (byte) 0); - for (var j = 0; j < ad.length % 32; j++) { - pad[i] = ad[i + j]; + if (ad != null) { + for (; i + 32 <= ad.length; i += 32) { + this.absorb(Arrays.copyOfRange(ad, i, i + 32)); } - this.absorb(pad); - } - i = 0; - for (; i + 32 <= msg.length; i += 32) { - var ci = this.enc(Arrays.copyOfRange(msg, i, i + 32)); - for (var j = 0; j < 32; j++) { - ciphertext[i + j] = ci[j]; + if (ad.length % 32 != 0) { + var pad = new byte[32]; + Arrays.fill(pad, (byte) 0); + for (var j = 0; j < ad.length % 32; j++) { + pad[i] = ad[i + j]; + } + this.absorb(pad); } } - if (msg.length % 32 != 0) { - var pad = new byte[32]; - Arrays.fill(pad, (byte) 0); - for (var j = 0; j < msg.length % 32; j++) { - pad[j] = msg[i + j]; + if (msg != null) { + i = 0; + for (; i + 32 <= msg.length; i += 32) { + var ci = this.enc(Arrays.copyOfRange(msg, i, i + 32)); + for (var j = 0; j < 32; j++) { + ciphertext[i + j] = ci[j]; + } } - var ci = this.enc(pad); - for (var j = 0; j < msg.length % 32; j++) { - ciphertext[i + j] = ci[j]; + if (msg.length % 32 != 0) { + var pad = new byte[32]; + Arrays.fill(pad, (byte) 0); + for (var j = 0; j < msg.length % 32; j++) { + pad[j] = msg[i + j]; + } + var ci = this.enc(pad); + for (var j = 0; j < msg.length % 32; j++) { + ciphertext[i + j] = ci[j]; + } } } - final var tag = this.finalize(ad.length, msg.length); + final var tag = this.finalize(ad == null ? 0 : ad.length, msg == null ? 0 : msg.length); return new AuthenticatedCiphertext(ciphertext, tag); } @@ -146,19 +150,21 @@ public byte[] encrypt(final byte msg[], final byte ad[]) { */ public byte[] decryptDetached(final AuthenticatedCiphertext ac, final byte ad[]) throws VerificationFailedException { - var msg = new byte[ac.ct.length]; var i = 0; - for (; i + 32 <= ad.length; i += 32) { - this.absorb(Arrays.copyOfRange(ad, i, i + 32)); - } - if (ad.length % 32 != 0) { - var pad = new byte[32]; - Arrays.fill(pad, (byte) 0); - for (var j = 0; j < ad.length % 32; j++) { - pad[i] = ad[i + j]; + if (ad != null) { + for (; i + 32 <= ad.length; i += 32) { + this.absorb(Arrays.copyOfRange(ad, i, i + 32)); + } + if (ad.length % 32 != 0) { + var pad = new byte[32]; + Arrays.fill(pad, (byte) 0); + for (var j = 0; j < ad.length % 32; j++) { + pad[i] = ad[i + j]; + } + this.absorb(pad); } - this.absorb(pad); } + var msg = new byte[ac.ct.length]; i = 0; for (; i + 32 <= ac.ct.length; i += 32) { var xi = this.dec(Arrays.copyOfRange(ac.ct, i, i + 32)); @@ -172,7 +178,7 @@ public byte[] decryptDetached(final AuthenticatedCiphertext ac, final byte ad[]) msg[i + j] = xi[j]; } } - final var tag = this.finalize(ad.length, msg.length); + final var tag = this.finalize(ad == null ? 0 : ad.length, msg == null ? 0 : msg.length); var dt = (byte) 0; for (var j = 0; j < tag.length; j++) { dt |= tag[j] ^ ac.tag[j]; diff --git a/src/main/java/com/github/cfrg/aegis/Aegis256.java b/src/main/java/com/github/cfrg/aegis/Aegis256.java index 877c9fa..80e8f8b 100644 --- a/src/main/java/com/github/cfrg/aegis/Aegis256.java +++ b/src/main/java/com/github/cfrg/aegis/Aegis256.java @@ -80,36 +80,40 @@ public Aegis256(final byte key[], final byte nonce[], final int tag_length) thro public AuthenticatedCiphertext encryptDetached(final byte msg[], final byte ad[]) { var ciphertext = new byte[msg.length]; var i = 0; - for (; i + 16 <= ad.length; i += 16) { - this.absorb(Arrays.copyOfRange(ad, i, i + 16)); - } - if (ad.length % 16 != 0) { - var pad = new byte[16]; - Arrays.fill(pad, (byte) 0); - for (var j = 0; j < ad.length % 16; j++) { - pad[i] = ad[i + j]; + if (ad != null) { + for (; i + 16 <= ad.length; i += 16) { + this.absorb(Arrays.copyOfRange(ad, i, i + 16)); } - this.absorb(pad); - } - i = 0; - for (; i + 16 <= msg.length; i += 16) { - var ci = this.enc(Arrays.copyOfRange(msg, i, i + 16)); - for (var j = 0; j < 16; j++) { - ciphertext[i + j] = ci[j]; + if (ad.length % 16 != 0) { + var pad = new byte[16]; + Arrays.fill(pad, (byte) 0); + for (var j = 0; j < ad.length % 16; j++) { + pad[i] = ad[i + j]; + } + this.absorb(pad); } } - if (msg.length % 16 != 0) { - var pad = new byte[16]; - Arrays.fill(pad, (byte) 0); - for (var j = 0; j < msg.length % 16; j++) { - pad[j] = msg[i + j]; + if (msg != null) { + i = 0; + for (; i + 16 <= msg.length; i += 16) { + var ci = this.enc(Arrays.copyOfRange(msg, i, i + 16)); + for (var j = 0; j < 16; j++) { + ciphertext[i + j] = ci[j]; + } } - var ci = this.enc(pad); - for (var j = 0; j < msg.length % 16; j++) { - ciphertext[i + j] = ci[j]; + if (msg.length % 16 != 0) { + var pad = new byte[16]; + Arrays.fill(pad, (byte) 0); + for (var j = 0; j < msg.length % 16; j++) { + pad[j] = msg[i + j]; + } + var ci = this.enc(pad); + for (var j = 0; j < msg.length % 16; j++) { + ciphertext[i + j] = ci[j]; + } } } - final var tag = this.finalize(ad.length, msg.length); + final var tag = this.finalize(ad == null ? 0 : ad.length, msg == null ? 0 : msg.length); return new AuthenticatedCiphertext(ciphertext, tag); } @@ -128,19 +132,21 @@ public byte[] encrypt(final byte msg[], final byte ad[]) { public byte[] decryptDetached(final AuthenticatedCiphertext ac, final byte ad[]) throws VerificationFailedException { - var msg = new byte[ac.ct.length]; var i = 0; - for (; i + 16 <= ad.length; i += 16) { - this.absorb(Arrays.copyOfRange(ad, i, i + 16)); - } - if (ad.length % 16 != 0) { - var pad = new byte[16]; - Arrays.fill(pad, (byte) 0); - for (var j = 0; j < ad.length % 16; j++) { - pad[i] = ad[i + j]; + if (ad != null) { + for (; i + 16 <= ad.length; i += 16) { + this.absorb(Arrays.copyOfRange(ad, i, i + 16)); + } + if (ad.length % 16 != 0) { + var pad = new byte[16]; + Arrays.fill(pad, (byte) 0); + for (var j = 0; j < ad.length % 16; j++) { + pad[i] = ad[i + j]; + } + this.absorb(pad); } - this.absorb(pad); } + var msg = new byte[ac.ct.length]; i = 0; for (; i + 16 <= ac.ct.length; i += 16) { var xi = this.dec(Arrays.copyOfRange(ac.ct, i, i + 16)); @@ -154,7 +160,7 @@ public byte[] decryptDetached(final AuthenticatedCiphertext ac, final byte ad[]) msg[i + j] = xi[j]; } } - final var tag = this.finalize(ad.length, msg.length); + final var tag = this.finalize(ad == null ? 0 : ad.length, msg == null ? 0 : msg.length); var dt = (byte) 0; for (var j = 0; j < tag.length; j++) { dt |= tag[j] ^ ac.tag[j]; diff --git a/src/test/java/TestAegis128L.java b/src/test/java/TestAegis128L.java index 6751b8a..742062c 100644 --- a/src/test/java/TestAegis128L.java +++ b/src/test/java/TestAegis128L.java @@ -2,8 +2,6 @@ import org.junit.jupiter.api.Test; import static org.junit.jupiter.api.Assertions.assertArrayEquals; -import java.util.Arrays; - import com.github.cfrg.aegis.Aegis128L; import com.github.cfrg.aegis.VerificationFailedException;