Stream cipher reset tests + fixes.

core/src/main/java/org/bouncycastle/crypto/engines/Grain128Engine.java

@@ -89,8 +89,7 @@ public void init(boolean forEncryption, CipherParameters params)
         System.arraycopy(iv, 0, workingIV, 0, iv.length);
         System.arraycopy(key.getKey(), 0, workingKey, 0, key.getKey().length);
 
-        setKey(workingKey, workingIV);
-        initGrain();
+        reset();
     }
 
     /**

core/src/main/java/org/bouncycastle/crypto/engines/Grainv1Engine.java

@@ -89,8 +89,7 @@ public void init(boolean forEncryption, CipherParameters params)
         System.arraycopy(iv, 0, workingIV, 0, iv.length);
         System.arraycopy(key.getKey(), 0, workingKey, 0, key.getKey().length);
 
-        setKey(workingKey, workingIV);
-        initGrain();
+        reset();
     }
 
     /**

core/src/main/java/org/bouncycastle/crypto/engines/HC128Engine.java

@@ -118,6 +118,7 @@ private void init()
                 "The key must be 128 bits long");
         }
 
+        idx = 0;
         cnt = 0;
 
         int[] w = new int[1280];
@@ -246,7 +247,6 @@ public void processBytes(byte[] in, int inOff, int len, byte[] out,
 
     public void reset()
     {
-        idx = 0;
         init();
     }
 

core/src/main/java/org/bouncycastle/crypto/engines/HC256Engine.java

@@ -99,6 +99,7 @@ private void init()
             iv = newIV;
         }
 
+        idx = 0;
         cnt = 0;
 
         int[] w = new int[2560];
@@ -226,7 +227,6 @@ public void processBytes(byte[] in, int inOff, int len, byte[] out,
 
     public void reset()
     {
-        idx = 0;
         init();
     }
 

core/src/test/java/org/bouncycastle/crypto/test/RegressionTest.java

@@ -126,6 +126,7 @@ public class RegressionTest
         new ECIESKeyEncapsulationTest(),
         new HashCommitmentTest(),
         new BlockCipherResetTest(),
+        new StreamCipherResetTest(),
         new SM3DigestTest(),
         new KDFCounterGeneratorTest(),
         new KDFDoublePipelineIteratorGeneratorTest(),

core/src/test/java/org/bouncycastle/crypto/test/StreamCipherResetTest.java

@@ -0,0 +1,134 @@
+package org.bouncycastle.crypto.test;
+
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.CipherParameters;
+import org.bouncycastle.crypto.InvalidCipherTextException;
+import org.bouncycastle.crypto.StreamCipher;
+import org.bouncycastle.crypto.engines.ChaChaEngine;
+import org.bouncycastle.crypto.engines.Grain128Engine;
+import org.bouncycastle.crypto.engines.Grainv1Engine;
+import org.bouncycastle.crypto.engines.HC128Engine;
+import org.bouncycastle.crypto.engines.HC256Engine;
+import org.bouncycastle.crypto.engines.ISAACEngine;
+import org.bouncycastle.crypto.engines.RC4Engine;
+import org.bouncycastle.crypto.engines.Salsa20Engine;
+import org.bouncycastle.crypto.engines.XSalsa20Engine;
+import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.crypto.params.ParametersWithIV;
+import org.bouncycastle.util.Arrays;
+import org.bouncycastle.util.encoders.Hex;
+import org.bouncycastle.util.test.SimpleTest;
+
+/**
+ * Test whether block ciphers implement reset contract on init, encrypt/decrypt and reset.
+ */
+public class StreamCipherResetTest
+    extends SimpleTest
+{
+
+    @Override
+    public String getName()
+    {
+        return "Stream Cipher Reset";
+    }
+
+    @Override
+    public void performTest()
+        throws Exception
+    {
+        testReset(new Salsa20Engine(), new Salsa20Engine(), new ParametersWithIV(new KeyParameter(random(32)),
+                random(8)));
+        testReset(new Salsa20Engine(), new Salsa20Engine(), new ParametersWithIV(new KeyParameter(random(16)),
+                random(8)));
+        testReset(new XSalsa20Engine(), new XSalsa20Engine(), new ParametersWithIV(new KeyParameter(random(32)),
+                random(24)));
+        testReset(new ChaChaEngine(), new ChaChaEngine(), new ParametersWithIV(new KeyParameter(random(32)), random(8)));
+        testReset(new ChaChaEngine(), new ChaChaEngine(), new ParametersWithIV(new KeyParameter(random(16)), random(8)));
+        testReset(new RC4Engine(), new RC4Engine(), new KeyParameter(random(16)));
+        testReset(new ISAACEngine(), new ISAACEngine(), new KeyParameter(random(16)));
+        testReset(new HC128Engine(), new HC128Engine(), new ParametersWithIV(new KeyParameter(random(16)), random(16)));
+        testReset(new HC256Engine(), new HC256Engine(), new ParametersWithIV(new KeyParameter(random(16)), random(16)));
+        testReset(new Grainv1Engine(), new Grainv1Engine(), new ParametersWithIV(new KeyParameter(random(16)),
+                random(8)));
+        testReset(new Grain128Engine(), new Grain128Engine(), new ParametersWithIV(new KeyParameter(random(16)),
+                random(12)));
+    }
+
+    private static final SecureRandom RAND = new SecureRandom();
+
+    private byte[] random(int size)
+    {
+        final byte[] data = new byte[size];
+        RAND.nextBytes(data);
+        return data;
+    }
+
+    private void testReset(StreamCipher cipher1, StreamCipher cipher2, CipherParameters params)
+        throws InvalidCipherTextException
+    {
+        cipher1.init(true, params);
+
+        byte[] plaintext = new byte[1023];
+        byte[] ciphertext = new byte[plaintext.length];
+
+        // Establish baseline answer
+        cipher1.processBytes(plaintext, 0, plaintext.length, ciphertext, 0);
+
+        // Test encryption resets
+        checkReset(cipher1, params, true, plaintext, ciphertext);
+
+        // Test decryption resets with fresh instance
+        cipher2.init(false, params);
+        checkReset(cipher2, params, false, ciphertext, plaintext);
+    }
+
+    private void checkReset(StreamCipher cipher,
+                            CipherParameters params,
+                            boolean encrypt,
+                            byte[] pretext,
+                            byte[] posttext)
+        throws InvalidCipherTextException
+    {
+        // Do initial run
+        byte[] output = new byte[posttext.length];
+        cipher.processBytes(pretext, 0, pretext.length, output, 0);
+
+        // Check encrypt resets cipher
+        cipher.init(encrypt, params);
+
+        try
+        {
+            cipher.processBytes(pretext, 0, pretext.length, output, 0);
+        } catch (Exception e)
+        {
+            fail(cipher.getAlgorithmName() + " init did not reset: " + e.getMessage());
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(cipher.getAlgorithmName() + " init did not reset.", new String(Hex.encode(posttext)),
+                    new String(Hex.encode(output)));
+        }
+
+        // Check reset resets data
+        cipher.reset();
+
+        try
+        {
+            cipher.processBytes(pretext, 0, pretext.length, output, 0);
+        } catch (Exception e)
+        {
+            fail(cipher.getAlgorithmName() + " reset did not reset: " + e.getMessage());
+        }
+        if (!Arrays.areEqual(output, posttext))
+        {
+            fail(cipher.getAlgorithmName() + " reset did not reset.");
+        }
+    }
+
+    public static void main(String[] args)
+    {
+        runTest(new StreamCipherResetTest());
+    }
+
+}

docs/releasenotes.html

@@ -33,7 +33,7 @@ <h3>2.1.2 Defects Fixed</h3>
 <li>Occasionally the provider implementation of DH KeyAgreement would drop a leading zero byte off the start of the shared secret (see RFC 2631 2.1.2). This has been fixed.</li>
 <li>RFC3394WrapEngine was ignoring the offset parameter inOff and using zero instead. This has been fixed.</li>
 <li>GOST keys would not encode using the CryptoPro parameter set, even if it was available. This has been fixed.</li>
-<li>The TimeStampRequest stream constructor was not setting the extensions field correctly. This has been fixed.</li>
+<li>The TimeStampRequest stream constructor was not setting the extensions field properly. This has been fixed.</li>
 </ul>
 <h3>2.1.3 Additional Features and Functionality</h3>
 <ul>