author | David Hook <dgh@cryptoworkshop.com> | 2022-08-21 21:29:15 +1000 |
---|---|---|
committer | David Hook <dgh@cryptoworkshop.com> | 2022-08-21 21:29:15 +1000 |
commit | 7c4f853a74012cfbf0d233a3ad57e416ae5d98a3 (patch) | |
tree | 1cf3bb1f8a7443d482d46451ee3b91c36aa075a6 | |
parent | added key size restrictions (diff) | |
download | BouncyCastle.NET-ed25519-7c4f853a74012cfbf0d233a3ad57e416ae5d98a3.tar.xz |
added key size restrictions
-rw-r--r-- | crypto/src/pqc/crypto/cmce/CmceKemExtractor.cs | 2 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs | 2 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/frodo/FrodoEngine.cs | 2 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/frodo/FrodoParameters.cs | 16 | ||||
-rw-r--r-- | crypto/test/src/pqc/crypto/test/CmceVectorTest.cs | 12 | ||||
-rw-r--r-- | crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs | 16 |
6 files changed, 27 insertions, 23 deletions
diff --git a/crypto/src/pqc/crypto/cmce/CmceKemExtractor.cs b/crypto/src/pqc/crypto/cmce/CmceKemExtractor.cs index 9c4e84456..9bbdec17b 100644 --- a/crypto/src/pqc/crypto/cmce/CmceKemExtractor.cs +++ b/crypto/src/pqc/crypto/cmce/CmceKemExtractor.cs @@ -32,7 +32,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce return ExtractSecret(encapsulation, engine.DefaultSessionKeySize); } - public byte[] ExtractSecret(byte[] encapsulation, int sessionKeySizeInBits) + private byte[] ExtractSecret(byte[] encapsulation, int sessionKeySizeInBits) { byte[] session_key = new byte[sessionKeySizeInBits / 8]; engine.kem_dec(session_key, encapsulation, ((CmcePrivateKeyParameters)key).PrivateKey); diff --git a/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs b/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs index fe258ce74..ac97fb594 100644 --- a/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs +++ b/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs @@ -26,7 +26,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce return GenerateEncapsulated(recipientKey, engine.DefaultSessionKeySize); } - public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey, int sessionKeySizeInBits) + private ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey, int sessionKeySizeInBits) { CmcePublicKeyParameters key = (CmcePublicKeyParameters)recipientKey; CmceEngine engine = key.Parameters.Engine; diff --git a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs index 020f721ea..2f9c50921 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs @@ -10,7 +10,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo public class FrodoEngine { // constant parameters - private static int nbar = 8; + internal static int nbar = 8; private static int mbar = 8; private static int len_seedA = 128; private static int len_z = 128; 
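Review bot: `ExtractSecret(byte[], int)` becomes private here, and `GenerateEncapsulated(AsymmetricKeyParameter, int)` in CmceKemGenerator.cs gets the same treatment, but neither change leaves a comment saying why callers may no longer choose the session key size. Both overloads were public, so external code that passed a size will stop compiling. A doc comment on the remaining public overloads would record the intent, for example `/// The session key length is fixed by the parameter set (engine.DefaultSessionKeySize bits).`. The bodies of both private overloads continue outside the hunks.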
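Review bot: `nbar` is widened from private to internal while remaining a mutable static, so any code in the assembly can now reassign a value that FrodoParameters uses to derive the default key size. Declaring it `internal const int nbar = 8;` (or `internal static readonly int nbar = 8;`) keeps it readable from FrodoParameters without making it writable. This assumes nothing outside the hunk assigns to `nbar`; the comment above the field already describes these as constant parameters.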
diff --git a/crypto/src/pqc/crypto/frodo/FrodoParameters.cs b/crypto/src/pqc/crypto/frodo/FrodoParameters.cs index ad04d8c5e..1e28a22bf 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoParameters.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoParameters.cs 
@@ -13,14 +13,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo private static short[] cdf_table976 = {5638, 15915, 23689, 28571, 31116, 32217, 32613, 32731, 32760, 32766, 32767}; private static short[] cdf_table1344 = {9142, 23462, 30338, 32361, 32725, 32765, 32767}; - public static FrodoParameters frodokem19888r3 = new FrodoParameters("frodokem19888", 640, 15, 2, cdf_table640, new ShakeDigest(128), new FrodoMatrixGenerator.Aes128MatrixGenerator(640, (1<<15)), 64); - public static FrodoParameters frodokem19888shaker3 = new FrodoParameters("frodokem19888shake", 640, 15, 2, cdf_table640, new ShakeDigest(128), new FrodoMatrixGenerator.Shake128MatrixGenerator(640, (1<<15)), 64); + public static FrodoParameters frodokem19888r3 = new FrodoParameters("frodokem19888", 640, 15, 2, cdf_table640, new ShakeDigest(128), new FrodoMatrixGenerator.Aes128MatrixGenerator(640, (1<<15))); + public static FrodoParameters frodokem19888shaker3 = new FrodoParameters("frodokem19888shake", 640, 15, 2, cdf_table640, new ShakeDigest(128), new FrodoMatrixGenerator.Shake128MatrixGenerator(640, (1<<15))); - public static FrodoParameters frodokem31296r3 = new FrodoParameters("frodokem31296", 976, 16, 3, cdf_table976, new ShakeDigest(256), new FrodoMatrixGenerator.Aes128MatrixGenerator(976, (1<<16)), 96); - public static FrodoParameters frodokem31296shaker3 = new FrodoParameters("frodokem31296shake", 976, 16, 3, cdf_table976, new ShakeDigest(256), new FrodoMatrixGenerator.Shake128MatrixGenerator(976, (1<<16)), 96); + public static FrodoParameters frodokem31296r3 = new FrodoParameters("frodokem31296", 976, 16, 3, cdf_table976, new ShakeDigest(256), new FrodoMatrixGenerator.Aes128MatrixGenerator(976, (1<<16))); + public static FrodoParameters frodokem31296shaker3 = new FrodoParameters("frodokem31296shake", 976, 16, 3, cdf_table976, new ShakeDigest(256), new FrodoMatrixGenerator.Shake128MatrixGenerator(976, (1<<16))); - public static FrodoParameters frodokem43088r3 = new 
FrodoParameters("frodokem43088", 1344, 16, 4, cdf_table1344, new ShakeDigest(256), new FrodoMatrixGenerator.Aes128MatrixGenerator(1344, (1<<16)), 128); - public static FrodoParameters frodokem43088shaker3 = new FrodoParameters("frodokem43088shake", 1344, 16, 4, cdf_table1344, new ShakeDigest(256), new FrodoMatrixGenerator.Shake128MatrixGenerator(1344, (1<<16)), 128); + public static FrodoParameters frodokem43088r3 = new FrodoParameters("frodokem43088", 1344, 16, 4, cdf_table1344, new ShakeDigest(256), new FrodoMatrixGenerator.Aes128MatrixGenerator(1344, (1<<16))); + public static FrodoParameters frodokem43088shaker3 = new FrodoParameters("frodokem43088shake", 1344, 16, 4, cdf_table1344, new ShakeDigest(256), new FrodoMatrixGenerator.Shake128MatrixGenerator(1344, (1<<16))); private String name; private int n; @@ -32,7 +32,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo private int defaultKeySize; private FrodoEngine engine; - public FrodoParameters(String name, int n, int d, int b, short[] cdf_table, IDigest digest, FrodoMatrixGenerator mGen, int defaultKeySize) + public FrodoParameters(String name, int n, int d, int b, short[] cdf_table, IDigest digest, FrodoMatrixGenerator mGen) { this.name = name; this.n = n; @@ -41,7 +41,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo this.cdf_table = cdf_table; this.digest = digest; this.mGen = mGen; - this.defaultKeySize = defaultKeySize; + this.defaultKeySize = B * FrodoEngine.nbar * FrodoEngine.nbar; this.engine = new FrodoEngine(n, d, b, cdf_table, digest, mGen); } diff --git a/crypto/test/src/pqc/crypto/test/CmceVectorTest.cs b/crypto/test/src/pqc/crypto/test/CmceVectorTest.cs index 821bd5a77..4bf7605e9 100644 --- a/crypto/test/src/pqc/crypto/test/CmceVectorTest.cs +++ b/crypto/test/src/pqc/crypto/test/CmceVectorTest.cs 
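Review bot: In the constructor, `this.defaultKeySize = B * FrodoEngine.nbar * FrodoEngine.nbar;` reads `B` rather than the parameter `b`, so the result depends on `this.b` having been assigned on a line outside the hunk (assuming `B` is the property over that field). Using the parameter directly, `this.defaultKeySize = b * FrodoEngine.nbar * FrodoEngine.nbar;`, removes that ordering dependency. The field also carries no unit; the updated tests expect 128/192/256 and compare against `dec_key.Length * 8`, so a comment such as `// default session key size in bits` would help. The constructor is public and loses a parameter, which breaks any external caller that builds its own parameter set.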
@@ -80,6 +80,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests CmceParameters.mceliece8192128fr3 }; + TestSampler sampler = new TestSampler(); for (int fileIndex = 0; fileIndex != files.Length; fileIndex++) { string name = files[fileIndex]; @@ -100,7 +101,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests } if (line.Length == 0) { - if (buf.Count > 0) + if (buf.Count > 0 && !sampler.SkipTest(buf["count"])) { string count = buf["count"]; if (!"0".Equals(count)) @@ -137,18 +138,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests // KEM Enc CmceKemGenerator CmceEncCipher = new CmceKemGenerator(random); - ISecretWithEncapsulation secWenc = CmceEncCipher.GenerateEncapsulated(pubParams, 256); + ISecretWithEncapsulation secWenc = CmceEncCipher.GenerateEncapsulated(pubParams); byte[] generated_cipher_text = secWenc.GetEncapsulation(); Assert.True(Arrays.AreEqual(ct, generated_cipher_text), name + " " + count + ": kem_enc cipher text"); byte[] secret = secWenc.GetSecret(); - Assert.True(Arrays.AreEqual(ss, secret), name + " " + count + ": kem_enc key"); + Assert.True(Arrays.AreEqual(ss, 0, secret.Length, secret, 0, secret.Length), name + " " + count + ": kem_enc key"); // KEM Dec CmceKemExtractor CmceDecCipher = new CmceKemExtractor(privParams); - byte[] dec_key = CmceDecCipher.ExtractSecret(generated_cipher_text, 256); + byte[] dec_key = CmceDecCipher.ExtractSecret(generated_cipher_text); - Assert.True(Arrays.AreEqual(dec_key, ss), name + " " + count + ": kem_dec ss"); + Assert.True(Cmceparameters.DefaultKeySize == dec_key.Length * 8); + Assert.True(Arrays.AreEqual(dec_key, 0, dec_key.Length, ss, 0, dec_key.Length), name + " " + count + ": kem_dec ss"); Assert.True(Arrays.AreEqual(dec_key, secret), name + " " + count + ": kem_dec key"); } buf.Clear(); diff --git a/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs b/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs index 90498ae7f..311a5cd3a 100644 --- a/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs 
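Review bot: The new `!sampler.SkipTest(buf["count"])` condition means only a subset of the known-answer records is exercised, and nothing at the call site says which ones. TestSampler is not visible in this diff, so a short comment next to `TestSampler sampler = new TestSampler();` stating the sampling policy (for example, which counts always run) would let a reader judge the remaining coverage. The same pattern is added in FrodoVectorTest.cs. The enclosing test method starts and ends outside these hunks.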
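Review bot: `Assert.True(Cmceparameters.DefaultKeySize == dec_key.Length * 8);` carries no message and on failure reports only that the condition was false, unlike the assertions around it. `Assert.AreEqual(Cmceparameters.DefaultKeySize, dec_key.Length * 8, name + " " + count + ": kem_dec key size");` would show both values. The encapsulation side now compares only the first `secret.Length` bytes of `ss` and has no length check of its own before that comparison, so an equivalent assertion on `secret.Length` ahead of it would stop a too-short secret from passing that line. `Cmceparameters` is declared outside the hunk. The same bare `Assert.True` is added in FrodoVectorTest.cs for `frodoParameters.DefaultKeySize`.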
+++ b/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs @@ -28,12 +28,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests FrodoParameters.frodokem43088shaker3 }; - Assert.AreEqual(64, FrodoParameters.frodokem19888r3.DefaultKeySize); - Assert.AreEqual(64, FrodoParameters.frodokem19888shaker3.DefaultKeySize); - Assert.AreEqual(96, FrodoParameters.frodokem31296r3.DefaultKeySize); - Assert.AreEqual(96, FrodoParameters.frodokem31296shaker3.DefaultKeySize); - Assert.AreEqual(128, FrodoParameters.frodokem43088r3.DefaultKeySize); - Assert.AreEqual(128, FrodoParameters.frodokem43088shaker3.DefaultKeySize); + Assert.AreEqual(128, FrodoParameters.frodokem19888r3.DefaultKeySize); + Assert.AreEqual(128, FrodoParameters.frodokem19888shaker3.DefaultKeySize); + Assert.AreEqual(192, FrodoParameters.frodokem31296r3.DefaultKeySize); + Assert.AreEqual(192, FrodoParameters.frodokem31296shaker3.DefaultKeySize); + Assert.AreEqual(256, FrodoParameters.frodokem43088r3.DefaultKeySize); + Assert.AreEqual(256, FrodoParameters.frodokem43088shaker3.DefaultKeySize); } [Test] @@ -76,6 +76,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests FrodoParameters.frodokem19888shaker3, }; } + TestSampler sampler = new TestSampler(); for (int fileIndex = 0; fileIndex != files.Length; fileIndex++) { String name = files[fileIndex]; @@ -95,7 +96,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests } if (line.Length == 0) { - if (buf.Count > 0) + if (buf.Count > 0 && !sampler.SkipTest(buf["count"])) { String count = buf["count"]; if (!"0".Equals(count)) @@ -144,6 +145,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests byte[] dec_key = frodoDecCipher.ExtractSecret(generated_cipher_text); + Assert.True(frodoParameters.DefaultKeySize == dec_key.Length * 8); Assert.True(Arrays.AreEqual(dec_key, ss), $"{name} {count}: kem_dec ss"); Assert.True(Arrays.AreEqual(dec_key, secret),$"{name} {count}: kem_dec key"); } |