GCMカスタム

okomeki · Jun 30, 2024 · f3c4ce4 · f3c4ce4
1 parent eee86d2
commit f3c4ce4
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -118,24 +118,35 @@ CBC AMD Ryzen 2600X か 5800Xの値
 
 GCM AMD Ryzen 5800X
 
-JDKのCBCが遅いのでAES-NIの半分くらいは出てる
+JDKの暗号はAES-NIの割に遅いのでAES-NIの半分くらいは出てる
 
 # License
 
 Apache 2.0 License としたいです。
 
 # Maven
 
+JDK11以降用 module対応っぽい版
+~~~
+<dependency>
+    <groupId>net.siisise</groupId>
+    <artifactId>softlib-crypto.module</artifactId>
+    <version>1.0.3</version>
+    <scope>test</scope>
+    <type>jar</type>
+</dependency>
+~~~
+JDK8用
 ~~~
 <dependency>
     <groupId>net.siisise</groupId>
     <artifactId>softlib-crypto</artifactId>
-    <version>1.0.2</version>
+    <version>1.0.3</version>
     <scope>test</scope>
     <type>jar</type>
 </dependency>
 ~~~
-バージョンは 1.0.2 です。
-開発版は1.0.3-SNAPSHOTかも。
+バージョンは 1.0.3 です。
+開発版は1.0.4-SNAPSHOTかも。
 
 
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>net.siisise</groupId>
     <artifactId>softlib-crypto.module</artifactId>
-    <version>1.0.3-SNAPSHOT</version>
+    <version>1.0.3</version>
     <packaging>jar</packaging>
     <name>SoftLibCrypto</name>
     <description>Block Stream Digest Crypt for Java</description>
@@ -50,7 +50,7 @@
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-javadoc-plugin</artifactId>
-                <version>3.6.3</version>
+                <version>3.7.0</version>
                 <executions>
                     <execution>
                         <id>attach-javadocs</id>

diff --git a/src/main/java/net/siisise/security/mac/GHASH.java b/src/main/java/net/siisise/security/mac/GHASH.java
@@ -27,10 +27,10 @@
 public class GHASH implements MAC {
 
     // hash subkey Cache
-    private long[] HCa = new long[64];
-    private long[] HCb = new long[64];
-    private long[] HCc = new long[64];
-    private long[] HCd = new long[64];
+    private final long[] HCa = new long[64];
+    private final long[] HCb = new long[64];
+    private final long[] HCc = new long[64];
+    private final long[] HCd = new long[64];
     private long[] y;
 
     private Packet pool;
@@ -46,6 +46,10 @@ public GHASH() {
      */
     @Override
     public void init(byte[] H) {
+        init(Bin.btol(H), new byte[0]);
+    }
+
+    public void init(long[] H) {
         init(H, new byte[0]);
     }
 
@@ -55,11 +59,11 @@ public void init(byte[] H) {
      * @param H hash subkey
      * @param a 暗号化しない部分
      */
-    public void init(byte[] H, byte[] a) {
+    public void init(long[] H, byte[] a) {
         pool = new PacketA();
         lens = new PacketA();
         buildHCache(H);
-        y = new long[H.length / 8];
+        y = new long[H.length];
         alen = 0;
         update(a, 0, a.length);
         blockClose();
@@ -69,8 +73,8 @@ public void init(byte[] H, byte[] a) {
      * Hの乗算結果をキャッシュして4倍くらい高速化.
      * @param H 
      */
-    private void buildHCache(byte[] H) {
-        long[] x = Bin.btol(H);
+    private void buildHCache(long[] H) {
+        long[] x = H;
         for (int i = 0; i < 64; i++) {
             HCa[i] = x[0];
             HCb[i] = x[1];
@@ -99,20 +103,20 @@ private long[] GF_x(long[] s) {
      */
     private void xorMul(byte[] x, int o) {
         Bin.xorl(y, x, o, y.length);
-        GF_YmulH();
+        YmulH();
     }
 
     private void xorMul(byte[] x) {
         Bin.xorl(y, x, 0, y.length);
-        GF_YmulH();
+        YmulH();
     }
 
     /**
      * 128bit固定GF ビット順が逆 y・H.
      * 変態演算なのでメモリ食うかも
      * y・H
      */
-    private void GF_YmulH() {
+    private void YmulH() {
         long b = 0;
         long c = 0;
 
@@ -123,11 +127,11 @@ private void GF_YmulH() {
                 b ^= HCa[i];
                 c ^= HCb[i];
             }
+            t<<=1;
             if (u < 0) {
                 b ^= HCc[i];
                 c ^= HCd[i];
             }
-            t<<=1;
             u<<=1;
         }
         y = new long[] {b, c};
@@ -147,17 +151,17 @@ public void update(byte[] src, int offset, int length) {
             length -= l;
             xorMul(pool.toByteArray());
         }
-        while (length >= 16) {
-            xorMul(src, offset);
-            offset += 16;
-            length -= 16;
+        int b = length / 16;
+        for (int i = 0; i < b; i++) {
+            xorMul(src, offset + i * 16);
         }
-        pool.write(src, offset, length);
+        pool.write(src, offset + b * 16, length % 16);
     }
 
     private void blockClose() {
-        if (pool.size() > 0) { // padding
-            pool.write(new byte[16 - pool.size()]);
+        int ps = pool.size();
+        if (ps > 0) { // padding
+            pool.write(new byte[16 - ps]);
             xorMul(pool.toByteArray());
         }
 

diff --git a/src/main/java/net/siisise/security/mode/GCM.java b/src/main/java/net/siisise/security/mode/GCM.java
@@ -98,7 +98,7 @@ public void init(byte[]... params) {
         block.init(key); // Y0内で呼ぶので不要 CTRのinitは使わない
 
         // GHASH
-        byte[] H = Bin.ltob(block.encrypt(new long[block.getBlockLength() / 64]));
+        long[] H = block.encrypt(new long[block.getBlockLength() / 64]);
 
         iv = J0(H, params[1]); // block が状態遷移しないAES前提
 
@@ -124,7 +124,7 @@ public void init(byte[]... params) {
      * Algorithm 4: GCM-AE_K(IV, P, A) Step 2.
      * @param iv 候補 96bit でも それ以外でもよし
      */
-    private byte[] J0(byte[] H, byte[] iv) {
+    private byte[] J0(long[] H, byte[] iv) {
         byte[] m = new byte[block.getBlockLength() / 8];
         if (iv.length == 12) { // 96 bit
             System.arraycopy(iv, 0, m, 0, iv.length);