
TimW Bouncy Castle contributions

This is a fork of the official Bouncy Castle GitHub mirror used to track my contributions.

Pending contributions are in feature branches, accepted contributions live on only as tags.

Proposed

In Progress

pull request

  • Implementation of the ChaCha20/Poly1305 AEAD construction from draft-irtf-cfrg-chacha20-poly1305.
  • Extension of ChaChaEngine to support 96 bit nonce / 32 bit counter split.

Experimental Stuff

Speck in 32/64 bit word variants performs well in Java, although slower than Threefish due to the smaller block sizes. Community cryptanalysis of Simon/Speck is at a very early stage, so not proposing this for BC at present.

Accepted

BCrypt implementation (3 July 2014)

pull request

  • Merged/modified with other submission
  • Implementation of raw and OpenBSD/crypt style bcrypt password hash functions.

pull request

  • Improvements to the JavaDoc for the PGP APIs involved in file encryption/decryption (i.e. as used by the PBEFileProcessor sample).

pull request

  • Extend EncodableDigest implementation to LongDigest based SHA-2 digests.

pull request

  • Eliminate some array range checking in AESFastEngine to make it actually faster than AESEngine.

AESFastEngine is slower than AESEngine despite pre-computing more, due to the additional array range checking incurred by having 4 table lookup arrays (vs only one in AESEngine). This change compacts all of the tables into a single table, trading off an offset addition on the lookup for removing the range checking. Registerisation of the state variables on encrypt is also done for an additional speed bump.

pull request

  • JavaDoc, parameter validation and tests covering parameter validation for Scrypt.

pull request

  • Add KeyGenerator registrations for SipHash in the JCE API and add the JCE SipHash algorithms to the specs.

pull request

  • Support IDEA as a PGP block cipher and update IDEA patent verbiage now patent has expired.

pull request

  • Throw AEADBadTagException if available from AEAD ciphers in JCE provider when authentication fails.

pull request

  • More testing and buffer underflow fixes for the lightweight and JCE CipherInputStream/CipherOutputStream.
  • Consistent input/output range checking and improved documentation for AEAD implementations

pull request

  • Include ChaChaTest in cipher RegressionTest, plus a minor typo in ChaChaTest.

pull request

Remove unnecessary data copying in the CCM mode implementation:

  • ByteArrayOutputStream buffers for AD and data are accessed directly to avoid extra allocate+copy of each
  • The output buffer is used directly by processPacket output without allocate+copy of a temporary buffer

pull request

Two parts to this:

  1. rewrites of the JCE javax.crypto.CipherInputStream and CipherOutputStream that don't silently swallow invalid ciphertext exceptions and don't call doFinal() twice (i.e. they can be used, and used safely, with AEAD ciphers). See links below for issues with the javax.crypto versions.
  2. improvement to LW API CipherInputStream and CipherOutputStream to support AEADBlockCiphers and simplify internal logic.

Full testing of JCE and LW Cipher streams with common ciphers is included, including tampering of AEAD ciphertexts.
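The unsafe behaviour this pull request fixes is easiest to see with a tamper test. The following is an added example for this README, not code from the pull request or from Bouncy Castle itself: it encrypts with AES/GCM via the JCE, corrupts the ciphertext in several ways, and decrypts each variant through both `javax.crypto.CipherInputStream` and the Bouncy Castle replacement (the `org.bouncycastle.jcajce.io` package name and its `(InputStream, Cipher)` constructor are assumed). Key, nonce, AAD and plaintext are constructed test values.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example, not Bouncy Castle code: decrypts tampered AES/GCM ciphertexts through a
 * CipherInputStream and reports whether the tag failure surfaced as an exception (correct)
 * or was swallowed, leaving the caller with silently truncated or unauthenticated output.
 */
public class AeadStreamTamperCheck {

    /** Anything that wraps a raw ciphertext stream into a plaintext stream using a given Cipher. */
    interface StreamFactory {
        InputStream wrap(InputStream ciphertext, Cipher decryptCipher);
    }

    // Constructed test values only; a fixed all-zero key and nonce are never acceptable in real use.
    static final byte[] KEY = new byte[16];
    static final byte[] NONCE = new byte[12];
    static final byte[] AAD = "header".getBytes();
    static final byte[] PLAINTEXT = "the quick brown fox jumps over the lazy dog".getBytes();

    static Cipher gcm(int mode, byte[] aad) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(KEY, "AES"), new GCMParameterSpec(128, NONCE));
        c.updateAAD(aad);
        return c;
    }

    static byte[] encrypt() throws GeneralSecurityException {
        return gcm(Cipher.ENCRYPT_MODE, AAD).doFinal(PLAINTEXT);
    }

    /** Corruptions a decryptor must reject: a body byte, a tag byte, and a shortened tag. */
    static Map<String, byte[]> tamperedVariants(byte[] ct) {
        Map<String, byte[]> v = new LinkedHashMap<>();
        byte[] flipBody = ct.clone();
        flipBody[0] ^= 0x01;
        v.put("flipped ciphertext byte", flipBody);
        byte[] flipTag = ct.clone();
        flipTag[ct.length - 1] ^= (byte) 0x80;
        v.put("flipped tag byte", flipTag);
        v.put("truncated tag", Arrays.copyOf(ct, ct.length - 1));
        return v;
    }

    /** Reads the stream to EOF; returns the recovered bytes, or null if the stream threw. */
    static byte[] readAll(StreamFactory f, byte[] ct, byte[] aad) throws GeneralSecurityException {
        Cipher dec = gcm(Cipher.DECRYPT_MODE, aad);
        try (InputStream in = f.wrap(new ByteArrayInputStream(ct), dec)) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[7]; // small reads so finalisation happens across several read() calls
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        } catch (IOException e) {
            // Newer JDK streams and the Bouncy Castle streams wrap AEADBadTagException in an IOException.
            return null;
        }
    }

    /** True only when tampering produced an exception; false means the failure was swallowed. */
    static boolean tamperDetected(StreamFactory f, byte[] tamperedCt, byte[] aad) throws GeneralSecurityException {
        return readAll(f, tamperedCt, aad) == null;
    }

    /** Untampered input must still decrypt to the original plaintext. */
    static boolean roundTrips(StreamFactory f, byte[] ct) throws GeneralSecurityException {
        return Arrays.equals(readAll(f, ct, AAD), PLAINTEXT);
    }

    public static void main(String[] args) throws Exception {
        byte[] ct = encrypt();
        StreamFactory jdk = (in, c) -> new javax.crypto.CipherInputStream(in, c);
        // The replacement from the pull request above; package and constructor are assumed here.
        StreamFactory bc = (in, c) -> new org.bouncycastle.jcajce.io.CipherInputStream(in, c);

        System.out.printf("%-24s jdk=%b bc=%b%n", "round trip", roundTrips(jdk, ct), roundTrips(bc, ct));
        for (Map.Entry<String, byte[]> e : tamperedVariants(ct).entrySet()) {
            System.out.printf("%-24s jdk=%b bc=%b%n", e.getKey(),
                    tamperDetected(jdk, e.getValue(), AAD), tamperDetected(bc, e.getValue(), AAD));
        }
        // Same bytes, different associated data on the decrypt side: must also be rejected.
        byte[] otherAad = "other".getBytes();
        System.out.printf("%-24s jdk=%b bc=%b%n", "wrong AAD",
                tamperDetected(jdk, ct, otherAad), tamperDetected(bc, ct, otherAad));
    }
}
```

A `false` in any tamper row means the stream returned normally from bad ciphertext, which is the silent failure described above: a consumer that only looks at the bytes it read has no way to tell that authentication failed. Run the same harness against any custom stream wrapper before trusting it with an AEAD cipher.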

Oracle bug refs for broken Cipher stream behaviour:

pull request

  • Tests for reset of stream ciphers on encrypt/decrypt, init and reset operations.
  • Minor fixes for Grain* and HC* ciphers to make them reset properly on subsequent inits.

pull request

  • Document various algorithms that have been missed/misrepresented in the specs.

pull request

  • Fast implementation of Poly1305 message authentication code, with tests and JCE registrations.
  • The fast polynomial calculation in this implementation is adapted from the public domain 'poly1305-donna-unrolled' C implementation by Andrew M (@floodyberry) (https://github.com/floodyberry/poly1305-donna) - primarily adapting to Java signed integer arithmetic.
  • JCE registrations are provided for Poly1305-* for 128 bit AES era block ciphers (AES, Serpent, Twofish etc.)

pull request

  • Add exception testing (as already exist for other modes) for CTS mode.
  • Fix a couple of minor issues arising from those tests.

pull request

XSalsa20 implementation, based on the existing Salsa20 engine with a couple of tweaks to allow the key setup and nonce size to vary

XSalsa20 is a version of the Salsa20 stream cipher with an extended (192 vs 64 bit) nonce.

Test vectors are copied from the cryptopp implementation, where they were generated using the nacl XSalsa20. There don't appear to be any official test vectors.


ChaCha implementation, based on the existing Salsa20 engine with the key setup, block permutation and block counter increment overridden.

This is basically an implementation of the 'regs' reference implementation found in the eSTREAM benchmark suite and at http://cr.yp.to/chacha.html.

Speed is slightly higher (~10% faster) than the Salsa20 engine, due to the registerization.


Reduced round Salsa20

Parameterisation of Salsa20Engine to allow arbitrary rounds. Test vectors from estreambench-20080905.


Registerization of Salsa20Engine

Registerize the state variables in salsa20Core to allow HotSpot etc. to optimise the loads/stores (as much as can be done with 16 variables and no SIMD). Boosts performance by about 10% on common x86 hardware, possibly more on setups with more registers. Should have no effect on systems with small numbers of registers.
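The Salsa20, reduced-round Salsa20, ChaCha and XSalsa20 engines above share one lightweight-API contract that callers get wrong most often: the nonce length. This added example (not code from these pull requests or from Bouncy Castle) exercises that contract for each engine: a round trip through a single engine instance, which also checks that a second `init()` fully resets the keystream state, and a check that an engine rejects a nonce of the wrong length instead of silently truncating or padding it. Keys and nonces are random test values generated in the code; the plaintext is a constructed sample.

```java
import java.security.SecureRandom;
import java.util.function.Supplier;
import org.bouncycastle.crypto.StreamCipher;
import org.bouncycastle.crypto.engines.ChaChaEngine;
import org.bouncycastle.crypto.engines.Salsa20Engine;
import org.bouncycastle.crypto.engines.XSalsa20Engine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;

/** Added example, not Bouncy Castle code: nonce-length and re-init checks for the Salsa family. */
public class SalsaFamilyNonceCheck {
    static final SecureRandom RNG = new SecureRandom();
    static final byte[] PLAINTEXT = "constructed sample plaintext for the nonce check".getBytes();

    static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        RNG.nextBytes(b);
        return b;
    }

    /** One init() + processBytes() pass over the input with the given key and nonce. */
    static byte[] apply(StreamCipher cipher, boolean forEncryption, byte[] key, byte[] nonce, byte[] in) {
        cipher.init(forEncryption, new ParametersWithIV(new KeyParameter(key), nonce));
        byte[] out = new byte[in.length];
        cipher.processBytes(in, 0, in.length, out, 0);
        return out;
    }

    /**
     * Encrypt, then decrypt with the SAME engine instance. The second init() must reset the
     * block counter and keystream buffer, otherwise the plaintext does not come back.
     */
    static boolean roundTrips(Supplier<StreamCipher> engine, int keyLen, int nonceLen) {
        byte[] key = randomBytes(keyLen);
        byte[] nonce = randomBytes(nonceLen);
        StreamCipher c = engine.get();
        byte[] ct = apply(c, true, key, nonce, PLAINTEXT);
        byte[] pt = apply(c, false, key, nonce, ct);
        return !Arrays.areEqual(ct, PLAINTEXT) && Arrays.areEqual(pt, PLAINTEXT);
    }

    /** The engine must throw on a wrong-length nonce; accepting it would mean a silently different cipher. */
    static boolean rejectsNonceLength(Supplier<StreamCipher> engine, int keyLen, int badNonceLen) {
        try {
            apply(engine.get(), true, randomBytes(keyLen), randomBytes(badNonceLen), PLAINTEXT);
            return false;
        } catch (IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Salsa20 and ChaCha take a 64 bit nonce; XSalsa20's 192 bit nonce is what makes random
        // nonces safe to use, since 64 bit random nonces collide after roughly 2^32 messages.
        System.out.println("Salsa20/20, 8-byte nonce:  " + roundTrips(Salsa20Engine::new, 32, 8));
        System.out.println("Salsa20/12, 8-byte nonce:  " + roundTrips(() -> new Salsa20Engine(12), 32, 8));
        System.out.println("ChaCha20, 8-byte nonce:    " + roundTrips(ChaChaEngine::new, 32, 8));
        System.out.println("XSalsa20, 24-byte nonce:   " + roundTrips(XSalsa20Engine::new, 32, 24));
        System.out.println("Salsa20 rejects 24 bytes:  " + rejectsNonceLength(Salsa20Engine::new, 32, 24));
        System.out.println("XSalsa20 rejects 8 bytes:  " + rejectsNonceLength(XSalsa20Engine::new, 32, 8));
    }
}
```

Every line should print `true`. The reduced-round case uses the `Salsa20Engine(int rounds)` constructor described above; the engines used here all accept 256 bit keys, and XSalsa20 requires one.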

pull request

  • Generate 120 bit nonces for OCB in JCE API.

pull request

  • Generate 13 byte nonces for CCM in JCE API.

pull request

  • When used via JCE, OCB mode requires a BlockCipherProvider (since it uses two instances of a block cipher), so implement this for CAST6/Noekeon.

pull request

  • CMAC is defined with an all zero IV (Page 9 of NIST SP 800-38B), so block any init parameters other than KeyParameter from being passed to the underlying CBC mode.
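Two checks follow from that bullet: the MAC must match the published SP 800-38B values (which assume the zero IV), and an attempt to supply an IV must be refused rather than silently changing the function. This is an added example for this README, not code from the pull request or from Bouncy Castle; the known answers are the AES-128 examples from RFC 4493 (the same vectors as SP 800-38B), and the rejection behaviour is the one the bullet describes.

```java
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.macs.CMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

/** Added example, not Bouncy Castle code: CMAC known-answer test plus the no-IV rule. */
public class CmacZeroIvCheck {
    // AES-128 CMAC vectors from RFC 4493 section 4 (Example 1: empty message, Example 2: one block).
    static final byte[] KEY = Hex.decode("2b7e151628aed2a6abf7158809cf4f3c");
    static final byte[] MSG16 = Hex.decode("6bc1bee22e409f96e93d7e117393172a");
    static final byte[] EXPECTED_EMPTY = Hex.decode("bb1d6929e95937287fa37d129b756746");
    static final byte[] EXPECTED_16 = Hex.decode("070a16b46b4d4144f79bdd9dd04a287c");

    /** Standard CMAC: key only, the all-zero CBC IV is implied by SP 800-38B. */
    static byte[] cmac(byte[] key, byte[] msg) {
        CMac mac = new CMac(new AESEngine());
        mac.init(new KeyParameter(key));
        mac.update(msg, 0, msg.length);
        byte[] out = new byte[mac.getMacSize()];
        mac.doFinal(out, 0);
        return out;
    }

    static boolean matchesKnownAnswers() {
        return Arrays.areEqual(cmac(KEY, new byte[0]), EXPECTED_EMPTY)
            && Arrays.areEqual(cmac(KEY, MSG16), EXPECTED_16);
    }

    /**
     * With the change above, init() accepts only a KeyParameter. Any ParametersWithIV,
     * zero or not, is rejected with IllegalArgumentException instead of reaching CBC mode.
     */
    static boolean rejectsIv(byte[] iv) {
        CMac mac = new CMac(new AESEngine());
        try {
            mac.init(new ParametersWithIV(new KeyParameter(KEY), iv));
            return false;
        } catch (IllegalArgumentException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        System.out.println("RFC 4493 vectors match:  " + matchesKnownAnswers());
        System.out.println("non-zero IV rejected:    " + rejectsIv(Hex.decode("000102030405060708090a0b0c0d0e0f")));
        System.out.println("explicit zero IV rejected: " + rejectsIv(new byte[16]));
    }
}
```

The first check is the one to keep in a regression suite: a CMAC whose underlying CBC IV were non-zero would still "work" (same key, same length tags) but would not interoperate with any other SP 800-38B implementation, and the known-answer test is what catches that.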

JCE AAD API support (July 3 2013)

pull request

  • Add Java 7 JCE AAD support to BouncyCastle JCE provider (Cipher.updateAAD() and GCMParameterSpec).
  • Residual of previous contribution (in CVS days) to add online/incremental AAD processing to AEADBlockCipher.

pull request

  • Unit tests that exercise state resets for encrypt/decrypt, init and reset operations, and for various ways of tampering with AEAD ciphertexts.
  • Fixes for CCM and EAX mode issues revealed by testing.

Threefish and Skein (July 3 2013)

pull request

  • Threefish, Skein, Skein-MAC + HMAC-Skein in 256, 512, 1024 bit block sizes.
  • JCE registrations for all of these algos with standard output sizes (for digest + MAC).

Not Accepted

pull request

  • CTR and SIC are implemented with the same underlying engine, so make their behaviour in the JCE API consistent (previously SIC would fail on 64 bit block ciphers, while CTR would not).