package org.bouncycastle.crypto.modes;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.SkippingStreamCipher;
import org.bouncycastle.crypto.StreamBlockCipher;
import org.bouncycastle.crypto.params.ParametersWithIV;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.Pack;
/**
* Implements the Segmented Integer Counter (SIC) mode on top of a simple
* block cipher. This mode is also known as CTR mode.
*/
public class SICBlockCipher
extends StreamBlockCipher
implements SkippingStreamCipher
{
private final BlockCipher cipher;
private final int blockSize;
private byte[] IV;
private byte[] counter;
private byte[] counterOut;
private int byteCount;
/**
* Basic constructor.
*
* @param c the block cipher to be used.
*/
public SICBlockCipher(BlockCipher c)
{
super(c);
this.cipher = c;
this.blockSize = cipher.getBlockSize();
this.IV = new byte[blockSize];
this.counter = new byte[blockSize];
this.counterOut = new byte[blockSize];
this.byteCount = 0;
}
public void init(
boolean forEncryption, //ignored by this CTR mode
CipherParameters params)
throws IllegalArgumentException
{
if (params instanceof ParametersWithIV)
{
ParametersWithIV ivParam = (ParametersWithIV)params;
this.IV = Arrays.clone(ivParam.getIV());
if (blockSize < IV.length)
{
throw new IllegalArgumentException("CTR/SIC mode requires IV no greater than: " + blockSize + " bytes.");
}
int maxCounterSize = (8 > blockSize / 2) ? blockSize / 2 : 8;
if (blockSize - IV.length > maxCounterSize)
{
throw new IllegalArgumentException("CTR/SIC mode requires IV of at least: " + (blockSize - maxCounterSize) + " bytes.");
}
// if null it's an IV changed only.
if (ivParam.getParameters() != null)
{
cipher.init(true, ivParam.getParameters());
}
reset();
}
else
{
throw new IllegalArgumentException("CTR/SIC mode requires ParametersWithIV");
}
}
public String getAlgorithmName()
{
return cipher.getAlgorithmName() + "/SIC";
}
public int getBlockSize()
{
return cipher.getBlockSize();
}
public int processBlock(byte[] in, int inOff, byte[] out, int outOff)
throws DataLengthException, IllegalStateException
{
processBytes(in, inOff, blockSize, out, outOff);
return blockSize;
}
protected byte calculateByte(byte in)
throws DataLengthException, IllegalStateException
{
if (byteCount == 0)
{
cipher.processBlock(counter, 0, counterOut, 0);
return (byte)(counterOut[byteCount++] ^ in);
}
byte rv = (byte)(counterOut[byteCount++] ^ in);
if (byteCount == counter.length)
{
byteCount = 0;
incrementCounterAt(0);
checkCounter();
}
return rv;
}
private void checkCounter()
{
// if the IV is the same as the blocksize we assume the user knows what they are doing
if (IV.length < blockSize)
{
for (int i = 0; i != IV.length; i++)
{
if (counter[i] != IV[i])
{
throw new IllegalStateException("Counter in CTR/SIC mode out of range.");
}
}
}
}
private void incrementCounterAt(int pos)
{
int i = counter.length - pos;
while (--i >= 0)
{
if (++counter[i] != 0)
{
break;
}
}
}
private void incrementCounter(int offSet)
{
byte old = counter[counter.length - 1];
counter[counter.length - 1] += offSet;
if (old != 0 && counter[counter.length - 1] < old)
{
incrementCounterAt(1);
}
}
private void decrementCounterAt(int pos)
{
int i = counter.length - pos;
while (--i >= 0)
{
if (--counter[i] != -1)
{
return;
}
}
}
private void adjustCounter(long n)
{
if (n >= 0)
{
long numBlocks = (n + byteCount) / blockSize;
long rem = numBlocks;
if (rem > 255)
{
for (int i = 5; i >= 1; i--)
{
long diff = 1L << (8 * i);
while (rem >= diff)
{
incrementCounterAt(i);
rem -= diff;
}
}
}
incrementCounter((int)rem);
byteCount = (int)((n + byteCount) - (blockSize * numBlocks));
}
else
{
long numBlocks = (-n - byteCount) / blockSize;
long rem = numBlocks;
if (rem > 255)
{
for (int i = 5; i >= 1; i--)
{
long diff = 1L << (8 * i);
while (rem > diff)
{
decrementCounterAt(i);
rem -= diff;
}
}
}
for (long i = 0; i != rem; i++)
{
decrementCounterAt(0);
}
int gap = (int)(byteCount + n + (blockSize * numBlocks));
if (gap >= 0)
{
byteCount = 0;
}
else
{
decrementCounterAt(0);
byteCount = blockSize + gap;
}
}
}
public void reset()
{
Arrays.fill(counter, (byte)0);
System.arraycopy(IV, 0, counter, 0, IV.length);
cipher.reset();
this.byteCount = 0;
}
public long skip(long numberOfBytes)
{
adjustCounter(numberOfBytes);
checkCounter();
cipher.processBlock(counter, 0, counterOut, 0);
return numberOfBytes;
}
public long seekTo(long position)
{
reset();
return skip(position);
}
public long getPosition()
{
byte[] res = new byte[counter.length];
System.arraycopy(counter, 0, res, 0, res.length);
for (int i = res.length - 1; i >= 1; i--)
{
int v;
if (i < IV.length)
{
v = (res[i] & 0xff) - (IV[i] & 0xff);
}
else
{
v = (res[i] & 0xff);
}
if (v < 0)
{
res[i - 1]--;
v += 256;
}
res[i] = (byte)v;
}
return Pack.bigEndianToLong(res, res.length - 8) * blockSize + byteCount;
}
}