- removed misleading statements about the key lifecycle from the javadoc

overheadhunter · overheadhunter · commit f07ed6e88b72 · 2016-10-24T11:15:38.000+02:00
- incremented version number
- added benchmark test
diff --git a/README.md b/README.md
@@ -37,7 +37,7 @@ public void encryptWithAdditionalData() {
   <dependency>
     <groupId>org.cryptomator</groupId>
     <artifactId>siv-mode</artifactId>
-    <version>1.0.7</version>
+    <version>1.1.0</version>
   </dependency>
 </dependencies>
 ```
diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>siv-mode</artifactId>
-	<version>1.0.9-SNAPSHOT</version>
+	<version>1.1.0</version>
 
 	<name>SIV Mode</name>
 	<description>RFC 5297 SIV mode: deterministic authenticated encryption</description>
@@ -59,6 +59,18 @@
 			<version>1.10.19</version>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.openjdk.jmh</groupId>
+			<artifactId>jmh-core</artifactId>
+			<version>1.12</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.openjdk.jmh</groupId>
+			<artifactId>jmh-generator-annprocess</artifactId>
+			<version>1.12</version>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<build>
diff --git a/src/main/java/org/cryptomator/siv/JceAesBlockCipher.java b/src/main/java/org/cryptomator/siv/JceAesBlockCipher.java
@@ -8,7 +8,6 @@
  *     Sebastian Stenzel - initial API and implementation
  ******************************************************************************/
 
-import java.nio.ByteBuffer;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
@@ -78,10 +77,8 @@ public int processBlock(byte[] in, int inOff, byte[] out, int outOff) throws Dat
 		if (in.length - inOff < getBlockSize()) {
 			throw new DataLengthException("Insufficient data in 'in'.");
 		}
-		ByteBuffer inBuf = ByteBuffer.wrap(in, inOff, getBlockSize());
-		ByteBuffer outBuf = ByteBuffer.wrap(out, outOff, out.length - outOff);
 		try {
-			return cipher.update(inBuf, outBuf);
+			return cipher.update(in, inOff, getBlockSize(), out, outOff);
 		} catch (ShortBufferException e) {
 			throw new DataLengthException("Insufficient space in 'out'.");
 		}
diff --git a/src/main/java/org/cryptomator/siv/SivMode.java b/src/main/java/org/cryptomator/siv/SivMode.java
@@ -75,7 +75,6 @@ public static interface BlockCipherFactory {
 
 	/**
 	 * Convenience method, if you are using the javax.crypto API. This is just a wrapper for {@link #encrypt(byte[], byte[], byte[], byte[]...)}.
-	 * This method accesses key bytes directly and destroys these bytes when finished. However the two given keys will remain untouched.
 	 * 
 	 * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
 	 * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
@@ -100,7 +99,6 @@ public byte[] encrypt(SecretKey ctrKey, SecretKey macKey, byte[] plaintext, byte
 
 	/**
 	 * Encrypts plaintext using SIV mode. A block cipher defined by the constructor is being used.<br>
-	 * This method leaves the two given keys untouched, the calling function needs to makes sure, key bytes are destroyed when finished.
 	 * 
 	 * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
 	 * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
@@ -147,7 +145,6 @@ public byte[] encrypt(byte[] ctrKey, byte[] macKey, byte[] plaintext, byte[]...
 
 	/**
 	 * Convenience method, if you are using the javax.crypto API. This is just a wrapper for {@link #decrypt(byte[], byte[], byte[], byte[]...)}.
-	 * This method accesses key bytes directly and destroys these bytes when finished. However the two given keys will remain untouched.
 	 * 
 	 * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
 	 * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
@@ -174,7 +171,6 @@ public byte[] decrypt(SecretKey ctrKey, SecretKey macKey, byte[] ciphertext, byt
 
 	/**
 	 * Decrypts ciphertext using SIV mode. A block cipher defined by the constructor is being used.<br>
-	 * This method leaves the two given keys untouched, the calling function needs to makes sure, key bytes are destroyed when finished.
 	 * 
 	 * @param ctrKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
 	 * @param macKey SIV mode requires two separate keys. You can use one long key, which is splitted in half. See https://tools.ietf.org/html/rfc5297#section-2.2
diff --git a/src/test/java/org/cryptomator/siv/BenchmarkTest.java b/src/test/java/org/cryptomator/siv/BenchmarkTest.java
@@ -0,0 +1,35 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ * 
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ ******************************************************************************/
+package org.cryptomator.siv;
+
+import org.junit.Test;
+import org.openjdk.jmh.runner.Runner;
+import org.openjdk.jmh.runner.RunnerException;
+import org.openjdk.jmh.runner.options.Options;
+import org.openjdk.jmh.runner.options.OptionsBuilder;
+
+public class BenchmarkTest {
+
+	@Test
+	public void runBenchmarks() throws RunnerException {
+		// Taken from http://stackoverflow.com/a/30486197/4014509:
+		Options opt = new OptionsBuilder()
+				// Specify which benchmarks to run
+				.include(getClass().getPackage().getName() + ".*Benchmark.*")
+				// Set the following options as needed
+				.threads(2).forks(1) //
+				.shouldFailOnError(true).shouldDoGC(true)
+				// .jvmArgs("-XX:+UnlockDiagnosticVMOptions", "-XX:+PrintInlining")
+				// .addProfiler(WinPerfAsmProfiler.class)
+				.build();
+
+		new Runner(opt).run();
+	}
+
+}
diff --git a/src/test/java/org/cryptomator/siv/SivModeBenchmark.java b/src/test/java/org/cryptomator/siv/SivModeBenchmark.java
@@ -0,0 +1,87 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ * 
+ * Contributors:
+ *     Sebastian Stenzel - initial API and implementation
+ ******************************************************************************/
+package org.cryptomator.siv;
+
+import java.util.Arrays;
+import java.util.concurrent.TimeUnit;
+
+import org.bouncycastle.crypto.BlockCipher;
+import org.bouncycastle.crypto.engines.AESFastEngine;
+import org.bouncycastle.crypto.engines.AESLightEngine;
+import org.cryptomator.siv.SivMode.BlockCipherFactory;
+import org.openjdk.jmh.annotations.Benchmark;
+import org.openjdk.jmh.annotations.BenchmarkMode;
+import org.openjdk.jmh.annotations.Level;
+import org.openjdk.jmh.annotations.Measurement;
+import org.openjdk.jmh.annotations.Mode;
+import org.openjdk.jmh.annotations.OutputTimeUnit;
+import org.openjdk.jmh.annotations.Scope;
+import org.openjdk.jmh.annotations.Setup;
+import org.openjdk.jmh.annotations.State;
+import org.openjdk.jmh.annotations.Warmup;
+
+/**
+ * Needs to be compiled via maven as the JMH annotation processor needs to do stuff...
+ */
+@State(Scope.Thread)
+@Warmup(iterations = 2, time = 500, timeUnit = TimeUnit.MILLISECONDS)
+@Measurement(iterations = 2, time = 500, timeUnit = TimeUnit.MILLISECONDS)
+@BenchmarkMode(value = {Mode.AverageTime})
+@OutputTimeUnit(TimeUnit.MICROSECONDS)
+public class SivModeBenchmark {
+
+	private int run;
+	private final byte[] encKeyBuf = new byte[16];
+	private final byte[] macKeyBuf = new byte[16];
+	private final byte[] testData = new byte[8 * 1024];
+	private final byte[] adData = new byte[1024];
+
+	private final SivMode jceSivMode = new SivMode();
+	private final SivMode bcFastSivMode = new SivMode(new BlockCipherFactory() {
+
+		@Override
+		public BlockCipher create() {
+			return new AESFastEngine();
+		}
+
+	});
+	private final SivMode bcLightSivMode = new SivMode(new BlockCipherFactory() {
+
+		@Override
+		public BlockCipher create() {
+			return new AESLightEngine();
+		}
+
+	});
+
+	@Setup(Level.Trial)
+	public void shuffleData() {
+		run++;
+		Arrays.fill(encKeyBuf, (byte) (run & 0xFF));
+		Arrays.fill(macKeyBuf, (byte) (run & 0xFF));
+		Arrays.fill(testData, (byte) (run & 0xFF));
+		Arrays.fill(adData, (byte) (run & 0xFF));
+	}
+
+	@Benchmark
+	public void benchmarkJce() {
+		jceSivMode.encrypt(encKeyBuf, macKeyBuf, testData, adData);
+	}
+
+	@Benchmark
+	public void benchmarkBcFast() {
+		bcFastSivMode.encrypt(encKeyBuf, macKeyBuf, testData, adData);
+	}
+
+	@Benchmark
+	public void benchmarkBcLight() {
+		bcLightSivMode.encrypt(encKeyBuf, macKeyBuf, testData, adData);
+	}
+
+}
