author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-10-10 20:18:59 +0700 |
---|---|---|
committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-10-10 20:18:59 +0700 |
commit | f759b716f0fd77afc0e0378c694a3665f79337b0 (patch) | |
tree | dcc66842e224a564a85039a0cf02ecc43dc86562 | |
parent | Fix checksum conversion to base w (diff) | |
download | BouncyCastle.NET-ed25519-f759b716f0fd77afc0e0378c694a3665f79337b0.tar.xz |
Refactoring pass over Pqc.Crypto.SphincsPlus
26 files changed, 578 insertions, 600 deletions
diff --git a/crypto/src/crypto/util/Pack.cs b/crypto/src/crypto/util/Pack.cs index 3396a7fc7..e281f1818 100644 --- a/crypto/src/crypto/util/Pack.cs +++ b/crypto/src/crypto/util/Pack.cs @@ -1,4 +1,5 @@ using System; +using System.Diagnostics; using System.Runtime.CompilerServices; namespace Org.BouncyCastle.Crypto.Utilities @@ -152,6 +153,19 @@ namespace Org.BouncyCastle.Crypto.Utilities | bs[off + 3]; } + internal static uint BE_To_UInt32_Partial(byte[] bs, int off, int len) + { + Debug.Assert(1 <= len && len <= 4); + + uint result = bs[off]; + for (int i = 1; i < len; ++i) + { + result <<= 8; + result |= bs[off + i]; + } + return result; + } + internal static void BE_To_UInt32(byte[] bs, int off, uint[] ns) { for (int i = 0; i < ns.Length; ++i) @@ -228,6 +242,19 @@ namespace Org.BouncyCastle.Crypto.Utilities return ((ulong)hi << 32) | (ulong)lo; } + internal static ulong BE_To_UInt64_Partial(byte[] bs, int off, int len) + { + Debug.Assert(1 <= len && len <= 8); + + ulong result = bs[off]; + for (int i = 1; i < len; ++i) + { + result <<= 8; + result |= bs[off + i]; + } + return result; + } + internal static void BE_To_UInt64(byte[] bs, int off, ulong[] ns) { for (int i = 0; i < ns.Length; ++i) diff --git a/crypto/src/pqc/crypto/sphincsplus/Adrs.cs b/crypto/src/pqc/crypto/sphincsplus/Adrs.cs index 6c22a9d78..39b0fa16d 100644 --- a/crypto/src/pqc/crypto/sphincsplus/Adrs.cs +++ b/crypto/src/pqc/crypto/sphincsplus/Adrs.cs 
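Review bot: `BE_To_UInt32_Partial` and `BE_To_UInt64_Partial` validate `len` only through `Debug.Assert`, so in a release build a `len` of 0 still reads and returns `bs[off]`, and a `len` above 4 (or 8) silently shifts the leading bytes out of `result`. The callers added in this commit pass lengths derived from the parameter set rather than from external input, which is acceptable for `internal` helpers, but the contract should be stated on the methods themselves: `// Reads len big-endian bytes from bs[off..off + len) into the low bits; 1 <= len <= 4 is only enforced in Debug builds.` above the 32-bit variant, and the same wording with 8 for the 64-bit one.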
@@ -7,24 +7,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { internal class Adrs { - public static uint WOTS_HASH = 0; - public static uint WOTS_PK = 1; - public static uint TREE = 2; - public static uint FORS_TREE = 3; - public static uint FORS_PK = 4; - public static uint WOTS_PRF = 5; - public static uint FORS_PRF = 6; + internal static uint WOTS_HASH = 0; + internal static uint WOTS_PK = 1; + internal static uint TREE = 2; + internal static uint FORS_TREE = 3; + internal static uint FORS_PK = 4; + internal static uint WOTS_PRF = 5; + internal static uint FORS_PRF = 6; internal static int OFFSET_LAYER = 0; internal static int OFFSET_TREE = 4; - static int OFFSET_TREE_HGT = 24; - static int OFFSET_TREE_INDEX = 28; + internal static int OFFSET_TREE_HGT = 24; + internal static int OFFSET_TREE_INDEX = 28; internal static int OFFSET_TYPE = 16; - static int OFFSET_KP_ADDR = 20; - static int OFFSET_CHAIN_ADDR = 24; - static int OFFSET_HASH_ADDR = 28; + internal static int OFFSET_KP_ADDR = 20; + internal static int OFFSET_CHAIN_ADDR = 24; + internal static int OFFSET_HASH_ADDR = 28; - internal byte[] value = new byte[32]; + internal readonly byte[] value = new byte[32]; internal Adrs() { 
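Review bot: The address-type values (`WOTS_HASH` … `FORS_PRF`) and the layout offsets (`OFFSET_LAYER` … `OFFSET_HASH_ADDR`) remain mutable `internal static` fields after the visibility change, so any code in the assembly could reassign the constants the ADRS byte layout depends on. Nothing in this diff writes them, and they are compile-time constants, so `internal const uint WOTS_HASH = 0;` and `internal const int OFFSET_LAYER = 0;` (and likewise for the rest) pins them and lets the compiler fold them. Making `value` `readonly` is the same idea applied to the buffer reference and is a good change.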
@@ -32,80 +32,80 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus internal Adrs(Adrs adrs) { - Array.Copy(adrs.value, 0, this.value, 0, adrs.value.Length); + Array.Copy(adrs.value, 0, value, 0, adrs.value.Length); } - public void SetLayerAddress(uint layer) + internal void SetLayerAddress(uint layer) { Pack.UInt32_To_BE(layer, value, OFFSET_LAYER); } - public uint GetLayerAddress() + internal uint GetLayerAddress() { return Pack.BE_To_UInt32(value, OFFSET_LAYER); } - public void SetTreeAddress(ulong tree) + internal void SetTreeAddress(ulong tree) { // tree address is 12 bytes Pack.UInt64_To_BE(tree, value, OFFSET_TREE + 4); } - public ulong GetTreeAddress() + internal ulong GetTreeAddress() { + // tree address is 12 bytes return Pack.BE_To_UInt64(value, OFFSET_TREE + 4); } - public void SetTreeHeight(uint height) + internal void SetTreeHeight(uint height) { Pack.UInt32_To_BE(height, value, OFFSET_TREE_HGT); } - public uint GetTreeHeight() + internal uint GetTreeHeight() { return Pack.BE_To_UInt32(value, OFFSET_TREE_HGT); } - public void SetTreeIndex(uint index) + internal void SetTreeIndex(uint index) { Pack.UInt32_To_BE(index, value, OFFSET_TREE_INDEX); } - public uint GetTreeIndex() + internal uint GetTreeIndex() { return Pack.BE_To_UInt32(value, OFFSET_TREE_INDEX); } // resets part of value to zero in line with 2.7.3 - public void SetType(uint type) + internal void SetAdrsType(uint adrsType) { - Pack.UInt32_To_BE(type, value, OFFSET_TYPE); + Pack.UInt32_To_BE(adrsType, value, OFFSET_TYPE); - Arrays.Fill(value, 20, value.Length, (byte) 0); + Arrays.Fill(value, OFFSET_TYPE + 4, value.Length, 0x00); } - public void ChangeType(uint type) + internal void ChangeAdrsType(uint adrsType) { - Pack.UInt32_To_BE(type, value, OFFSET_TYPE); + Pack.UInt32_To_BE(adrsType, value, OFFSET_TYPE); } - // FIXME - public new uint GetType() + internal uint GetAdrsType() { return Pack.BE_To_UInt32(value, OFFSET_TYPE); } - public void SetKeyPairAddress(uint keyPairAddr) + internal 
void SetKeyPairAddress(uint keyPairAddr) { Pack.UInt32_To_BE(keyPairAddr, value, OFFSET_KP_ADDR); } - public uint GetKeyPairAddress() + internal uint GetKeyPairAddress() { return Pack.BE_To_UInt32(value, OFFSET_KP_ADDR); } - public void SetHashAddress(uint hashAddr) + internal void SetHashAddress(uint hashAddr) { Pack.UInt32_To_BE(hashAddr, value, OFFSET_HASH_ADDR); } @@ -115,4 +115,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus Pack.UInt32_To_BE(chainAddr, value, OFFSET_CHAIN_ADDR); } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/Fors.cs b/crypto/src/pqc/crypto/sphincsplus/Fors.cs index af86eec10..1698d1be7 100644 --- a/crypto/src/pqc/crypto/sphincsplus/Fors.cs +++ b/crypto/src/pqc/crypto/sphincsplus/Fors.cs 
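Review bot: `GetTreeAddress` now carries the same `// tree address is 12 bytes` comment as the setter, but neither says that only the low 8 bytes at `OFFSET_TREE + 4` are ever read or written here; the upper 4 bytes of the field are left as whatever the buffer already holds (zero after construction or copy, as far as this diff shows). Suggest `// tree address is 12 bytes; only the low 64 bits are stored, bytes OFFSET_TREE..OFFSET_TREE+3 are never written by this class` on `SetTreeAddress`. The `Arrays.Fill(value, OFFSET_TYPE + 4, value.Length, 0x00)` in `SetAdrsType` would likewise read better with a comment naming what it clears, e.g. `// zero the three type-specific words following the type field (spec 2.7.3)`.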
@@ -1,94 +1,93 @@ -using System; using System.Collections.Generic; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class Fors + internal class Fors { - SPHINCSPlusEngine engine; + private readonly SphincsPlusEngine engine; - public Fors(SPHINCSPlusEngine engine) + internal Fors(SphincsPlusEngine engine) { this.engine = engine; } // Input: Secret seed SK.seed, start index s, target node height z, public seed PK.seed, address Adrs // Output: n-byte root node - top node on Stack - byte[] TreeHash(byte[] skSeed, uint s, int z, byte[] pkSeed, Adrs adrsParam) + internal byte[] TreeHash(byte[] skSeed, uint s, int z, byte[] pkSeed, Adrs adrsParam) { - var stack = new List<NodeEntry>(); - if (s % (1 << z) != 0) - { return null; - } + var stack = new Stack<NodeEntry>(); Adrs adrs = new Adrs(adrsParam); + byte[] sk = new byte[engine.N]; for (uint idx = 0; idx < (1 << z); idx++) { - adrs.SetType(Adrs.FORS_PRF); + adrs.SetAdrsType(Adrs.FORS_PRF); adrs.SetKeyPairAddress(adrsParam.GetKeyPairAddress()); adrs.SetTreeHeight(0); adrs.SetTreeIndex(s + idx); - byte[] sk = engine.PRF(pkSeed, skSeed, adrs); + engine.PRF(pkSeed, skSeed, adrs, sk, 0); - adrs.ChangeType(Adrs.FORS_TREE); + adrs.ChangeAdrsType(Adrs.FORS_TREE); byte[] node = engine.F(pkSeed, adrs, sk); - + adrs.SetTreeHeight(1); + uint adrsTreeHeight = 1; + uint adrsTreeIndex = s + idx; + // while ( Top node on Stack has same height as node ) - while (stack.Count != 0 - && ((NodeEntry) stack[0]).nodeHeight == adrs.GetTreeHeight()) + while (stack.Count > 0 && stack.Peek().nodeHeight == adrsTreeHeight) { - adrs.SetTreeIndex((adrs.GetTreeIndex() - 1) / 2); - NodeEntry current = (NodeEntry) stack[0]; - stack.RemoveAt(0); + adrsTreeIndex = (adrsTreeIndex - 1) / 2; + adrs.SetTreeIndex(adrsTreeIndex); + + node = engine.H(pkSeed, adrs, stack.Pop().nodeValue, node); - node = engine.H(pkSeed, adrs, current.nodeValue, node); //topmost node is now one layer higher - 
adrs.SetTreeHeight(adrs.GetTreeHeight() + 1); + adrs.SetTreeHeight(++adrsTreeHeight); } - stack.Insert(0, new NodeEntry(node, adrs.GetTreeHeight())); + stack.Push(new NodeEntry(node, adrsTreeHeight)); } - return ((NodeEntry) stack[0]).nodeValue; + return stack.Peek().nodeValue; } - public SIG_FORS[] Sign(byte[] md, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs) + internal SIG_FORS[] Sign(byte[] md, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs) { Adrs adrs = new Adrs(paramAdrs); - uint[] idxs = MessageToIdxs(md, engine.K, engine.A); SIG_FORS[] sig_fors = new SIG_FORS[engine.K]; // compute signature elements uint t = engine.T; for (uint i = 0; i < engine.K; i++) { // get next index - uint idx = idxs[i]; + uint idx = GetMessageIdx(md, (int)i, engine.A); + // pick private key element - - adrs.SetType(Adrs.FORS_PRF); + adrs.SetAdrsType(Adrs.FORS_PRF); adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress()); adrs.SetTreeHeight(0); adrs.SetTreeIndex((uint) (i * t + idx)); - - byte[] sk = engine.PRF(pkSeed, skSeed, adrs); - - adrs.ChangeType(Adrs.FORS_TREE); - + + byte[] sk = new byte[engine.N]; + engine.PRF(pkSeed, skSeed, adrs, sk, 0); + + adrs.ChangeAdrsType(Adrs.FORS_TREE); + byte[][] authPath = new byte[engine.A][]; // compute auth path for (int j = 0; j < engine.A; j++) { - uint s = (uint) (idx / (1 << j)) ^ 1; - authPath[j] = TreeHash(skSeed, (uint) (i * t + s * (1 << j)), j, pkSeed, adrs); + uint s = (idx >> j) ^ 1U; + authPath[j] = TreeHash(skSeed, (uint) (i * t + (s << j)), j, pkSeed, adrs); } sig_fors[i] = new SIG_FORS(sk, authPath); 
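Review bot: As rendered, the `if (s % (1 << z) != 0)` line of `TreeHash` carries a `-` marker while `return null;` stays as context, which on the new side would put a bare `return null;` before `var stack = new Stack<NodeEntry>();` and make the rest of the method unreachable. If this is only an artifact of the collapsed hunk and the guard survives as an unbraced `if`, nothing to do; otherwise the guard must stay, `if (s % (1 << z) != 0) return null;`. The HT.cs `TreeHash` hunk (`@@ -153,41 +153,41 @@`) shows the same pattern and should be checked together with this one. Separately, the hoisted `sk` buffer in this `TreeHash` holds PRF-derived secret material after the loop and is only an intermediate here (unlike in `Sign`, where `sk` becomes part of the signature), so `Array.Clear(sk, 0, sk.Length);` before the return would stop it lingering on the heap.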
@@ -97,49 +96,48 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return sig_fors; } - public byte[] PKFromSig(SIG_FORS[] sig_fors, byte[] message, byte[] pkSeed, Adrs adrs) + internal byte[] PKFromSig(SIG_FORS[] sig_fors, byte[] message, byte[] pkSeed, Adrs adrs) { - byte[][] node = new byte[2][]; byte[][] root = new byte[engine.K][]; uint t = engine.T; - uint[] idxs = MessageToIdxs(message, engine.K, engine.A); // compute roots for (uint i = 0; i < engine.K; i++) { // get next index - uint idx = idxs[i]; + uint idx = GetMessageIdx(message, (int)i, engine.A); + // compute leaf byte[] sk = sig_fors[i].SK; adrs.SetTreeHeight(0); adrs.SetTreeIndex(i * t + idx); - node[0] = engine.F(pkSeed, adrs, sk); + byte[] node = engine.F(pkSeed, adrs, sk); + // compute root from leaf and AUTH byte[][] authPath = sig_fors[i].AuthPath; - - adrs.SetTreeIndex(i * t + idx); + uint adrsTreeIndex = i * t + idx; for (int j = 0; j < engine.A; j++) { adrs.SetTreeHeight((uint)j + 1); - if (((idx / (1 << j)) % 2) == 0) + if (((idx >> j) % 2) == 0U) { - adrs.SetTreeIndex(adrs.GetTreeIndex() / 2); - node[1] = engine.H(pkSeed, adrs, node[0], authPath[j]); + adrsTreeIndex = adrsTreeIndex / 2; + adrs.SetTreeIndex(adrsTreeIndex); + node = engine.H(pkSeed, adrs, node, authPath[j]); } else { - adrs.SetTreeIndex((adrs.GetTreeIndex() - 1) / 2); - node[1] = engine.H(pkSeed, adrs, authPath[j], node[0]); + adrsTreeIndex = (adrsTreeIndex - 1) / 2; + adrs.SetTreeIndex(adrsTreeIndex); + node = engine.H(pkSeed, adrs, authPath[j], node); } - - node[0] = node[1]; } - root[i] = node[0]; + root[i] = node; } Adrs forspkAdrs = new Adrs(adrs); // copy address to create FTS public key address - forspkAdrs.SetType(Adrs.FORS_PK); + forspkAdrs.SetAdrsType(Adrs.FORS_PK); forspkAdrs.SetKeyPairAddress(adrs.GetKeyPairAddress()); return engine.T_l(pkSeed, forspkAdrs, Arrays.ConcatenateAll(root)); } 
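Review bot: `PKFromSig` mutates the caller-supplied `adrs` in place via `SetTreeHeight`/`SetTreeIndex`, while `Sign` in the previous hunk works on a copy (`Adrs adrs = new Adrs(paramAdrs)`); the commit keeps that asymmetry. If the caller (not in this diff) uses `adrs` afterwards, taking a copy at the top, `adrs = new Adrs(adrs);`, removes the surprise for one 32-byte allocation and leaves `forspkAdrs` unaffected since it is derived from the local; otherwise a comment on the parameter saying it is modified would do. Also `((idx >> j) % 2) == 0U` reads more directly as `((idx >> j) & 1U) == 0U`, matching the bit extraction style used in `GetMessageIdx`.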
@@ -149,21 +147,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus * Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits. * Assumes indices has space for SPX_FORS_TREES integers. */ - static uint[] MessageToIdxs(byte[] msg, int fors_trees, int fors_height) + private static uint GetMessageIdx(byte[] msg, int fors_tree, int fors_height) { - uint offset = 0; - uint[] idxs = new uint[fors_trees]; - for (int i = 0; i < fors_trees; i++) + int offset = fors_tree * fors_height; + uint idx = 0; + for (int bit = 0; bit < fors_height; bit++) { - idxs[i] = 0; - for (int j = 0; j < fors_height; j++) - { - idxs[i] ^= (uint) (((msg[offset >> 3] >> (int)(offset & 0x7)) & 0x1) << j); - offset++; - } + idx ^= (((uint)msg[offset >> 3] >> (offset & 0x7)) & 1U) << bit; + offset++; } - - return idxs; + return idx; } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/HT.cs b/crypto/src/pqc/crypto/sphincsplus/HT.cs index 2cd149f0d..59d0aeb1d 100644 --- a/crypto/src/pqc/crypto/sphincsplus/HT.cs +++ b/crypto/src/pqc/crypto/sphincsplus/HT.cs @@ -9,12 +9,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { private byte[] skSeed; private byte[] pkSeed; - SPHINCSPlusEngine engine; + SphincsPlusEngine engine; WotsPlus wots; internal byte[] HTPubKey; - public HT(SPHINCSPlusEngine engine, byte[] skSeed, byte[] pkSeed) + public HT(SphincsPlusEngine engine, byte[] skSeed, byte[] pkSeed) { this.skSeed = skSeed; this.pkSeed = pkSeed; 
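Review bot: The comment block above `GetMessageIdx` (its first lines are outside the hunk) still documents the old `MessageToIdxs` contract, `* Assumes indices has space for SPX_FORS_TREES integers.`, but the function now returns the single index for tree `fors_tree`. Suggest replacing that line with `* Returns the fors_height-bit index for tree fors_tree; assumes msg holds at least (fors_tree + 1) * fors_height bits.` so the precondition matches what `offset >> 3` actually reads. The `fors_tree`/`fors_height` parameter names are snake_case, unlike the rest of the file.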
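Review bot: `SphincsPlusEngine engine;` and `WotsPlus wots;` still carry no access modifier while the neighbouring `skSeed`/`pkSeed` fields are explicitly `private`, and nothing visible here assigns them outside the constructor. `private readonly SphincsPlusEngine engine;` and `private readonly WotsPlus wots;` would match the `private readonly` field Fors.cs receives in this same commit.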
@@ -87,16 +87,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus Adrs adrs = new Adrs(paramAdrs); // compute WOTS+ pk from WOTS+ sig - adrs.SetType(Adrs.WOTS_HASH); + adrs.SetAdrsType(Adrs.WOTS_HASH); adrs.SetKeyPairAddress(idx); - byte[] sig = sig_xmss.GetWOTSSig(); - byte[][] AUTH = sig_xmss.GetXMSSAUTH(); + byte[] sig = sig_xmss.WotsSig; + byte[][] AUTH = sig_xmss.XmssAuth; byte[] node0 = wots.PKFromSig(sig, M, pkSeed, adrs); byte[] node1 = null; // compute root from WOTS+ pk and AUTH - adrs.SetType(Adrs.TREE); + adrs.SetAdrsType(Adrs.TREE); adrs.SetTreeIndex(idx); for (uint k = 0; k < engine.H_PRIME; k++) { @@ -127,7 +127,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus Adrs adrs = new Adrs(paramAdrs); - adrs.SetType(Adrs.TREE); + adrs.SetAdrsType(Adrs.TREE); adrs.SetLayerAddress(paramAdrs.GetLayerAddress()); adrs.SetTreeAddress(paramAdrs.GetTreeAddress()); @@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } adrs = new Adrs(paramAdrs); - adrs.SetType(Adrs.WOTS_PK); + adrs.SetAdrsType(Adrs.WOTS_PK); adrs.SetKeyPairAddress(idx); byte[] sig = wots.Sign(M, skSeed, pkSeed, adrs); 
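Review bot: In the `@@ -140,7 +140,7 @@` hunk the address type set before `wots.Sign` is `Adrs.WOTS_PK`, while the verifying side in `@@ -87,16 +87,16 @@` uses `Adrs.WOTS_HASH` for the same key-pair address before `wots.PKFromSig`. As I read the SPHINCS+ xmss_sign algorithm it sets WOTS_HASH at this point; if `WotsPlus.Sign` re-sets the type on its own copy this is harmless (it is not visible in this diff), but a one-line comment such as `// WotsPlus.Sign sets WOTS_HASH on its own copy of adrs` would save the next reader the same question.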
@@ -153,41 +153,41 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus // Output: n-byte root node - top node on Stack byte[] TreeHash(byte[] skSeed, uint s, uint z, byte[] pkSeed, Adrs adrsParam) { - Adrs adrs = new Adrs(adrsParam); - - var stack = new List<NodeEntry>(); - if (s % (1 << (int)z) != 0) - { return null; - } + + var stack = new Stack<NodeEntry>(); + Adrs adrs = new Adrs(adrsParam); for (uint idx = 0; idx < (1 << (int)z); idx++) { - adrs.SetType(Adrs.WOTS_HASH); + adrs.SetAdrsType(Adrs.WOTS_HASH); adrs.SetKeyPairAddress(s + idx); byte[] node = wots.PKGen(skSeed, pkSeed, adrs); - adrs.SetType(Adrs.TREE); + adrs.SetAdrsType(Adrs.TREE); adrs.SetTreeHeight(1); adrs.SetTreeIndex(s + idx); + uint adrsTreeHeight = 1; + uint adrsTreeIndex = s + idx; + // while ( Top node on Stack has same height as node ) - while (stack.Count != 0 - && ((NodeEntry) stack[0]).nodeHeight == adrs.GetTreeHeight()) + while (stack.Count > 0 && stack.Peek().nodeHeight == adrsTreeHeight) { - adrs.SetTreeIndex((adrs.GetTreeIndex() - 1) / 2); - NodeEntry current = ((NodeEntry) stack[0]); - stack.RemoveAt(0); - node = engine.H(pkSeed, adrs, current.nodeValue, node); + adrsTreeIndex = (adrsTreeIndex - 1) / 2; + adrs.SetTreeIndex(adrsTreeIndex); + + node = engine.H(pkSeed, adrs, stack.Pop().nodeValue, node); + //topmost node is now one layer higher - adrs.SetTreeHeight(adrs.GetTreeHeight() + 1); + adrs.SetTreeHeight(++adrsTreeHeight); } - stack.Insert(0, new NodeEntry(node, adrs.GetTreeHeight())); + stack.Push(new NodeEntry(node, adrsTreeHeight)); } - return ((NodeEntry) stack[0]).nodeValue; + return stack.Peek().nodeValue; } // # Input: Message M, signature SIG_HT, public seed PK.seed, tree index idx_tree, @@ -215,4 +215,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return Arrays.AreEqual(PK_HT, node); } } -} \ No newline at end of file +} 
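Review bot: HT's `TreeHash` takes `uint z` and casts it at every use (`1 << (int)z`), while Fors's `TreeHash` in this same commit takes `int z`; apart from how the leaf is produced the two methods are now the same stack walk, so the differing signatures stand out. Settling on one (`int z` avoids the casts) would make the parallel obvious and ease a later merge of the shared loop.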
diff --git a/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs b/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs index 61ea81c9f..6028ea2d9 100644 --- a/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs +++ b/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs @@ -1,6 +1,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class IndexedDigest + internal class IndexedDigest { internal ulong idx_tree; internal uint idx_leaf; @@ -13,4 +13,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus this.digest = digest; } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs b/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs index 62713f683..d3175349b 100644 --- a/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs +++ b/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs @@ -1,9 +1,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class NodeEntry + internal class NodeEntry { - internal byte[] nodeValue; - internal uint nodeHeight; + internal readonly byte[] nodeValue; + internal readonly uint nodeHeight; internal NodeEntry(byte[] nodeValue, uint nodeHeight) { @@ -11,4 +11,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus this.nodeHeight = nodeHeight; } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/PK.cs b/crypto/src/pqc/crypto/sphincsplus/PK.cs index 8e97d9adb..3a5723de3 100644 --- a/crypto/src/pqc/crypto/sphincsplus/PK.cs +++ b/crypto/src/pqc/crypto/sphincsplus/PK.cs @@ -1,6 +1,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class PK + internal class PK { internal byte[] seed; internal byte[] root; @@ -11,4 +11,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus this.root = root; } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SIG.cs b/crypto/src/pqc/crypto/sphincsplus/SIG.cs index ee6234985..2fc375fe6 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SIG.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SIG.cs 
@@ -2,7 +2,7 @@ using System; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class SIG + internal class SIG { private byte[] r; private SIG_FORS[] sig_fors; @@ -49,16 +49,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } if (offset != signature.Length) - { throw new ArgumentException("signature wrong length"); - } } public byte[] R => r; public SIG_FORS[] SIG_FORS => sig_fors; - public SIG_XMSS[] SIG_HT => sig_ht; } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs b/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs index 4760e9ca9..f052d4220 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs @@ -1,6 +1,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class SIG_FORS + internal class SIG_FORS { internal byte[][] authPath; internal byte[] sk; @@ -15,4 +15,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus public byte[][] AuthPath => authPath; } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs b/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs index 6df86aac7..4a0a8001d 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs @@ -1,24 +1,18 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class SIG_XMSS + internal class SIG_XMSS { internal byte[] sig; internal byte[][] auth; - public SIG_XMSS(byte[] sig, byte[][] auth) + internal SIG_XMSS(byte[] sig, byte[][] auth) { this.sig = sig; this.auth = auth; } - public byte[] GetWOTSSig() - { - return sig; - } + internal byte[] WotsSig => sig; - public byte[][] GetXMSSAUTH() - { - return auth; - } + internal byte[][] XmssAuth => auth; } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SK.cs b/crypto/src/pqc/crypto/sphincsplus/SK.cs index 5fb3d0839..86eefa110 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SK.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SK.cs 
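Review bot: The length check `if (offset != signature.Length) throw new ArgumentException("signature wrong length");` runs only after the parsing loop has consumed the buffer (the start of the constructor is outside the hunk), so a signature that is too short is presumably rejected earlier by an index error from the copying code rather than by this message, and only an over-long signature reaches it. Checking `signature.Length` against the size expected from the parameters before any copying gives one consistent exception in both directions, and naming the expected and actual lengths in the message would help callers. This is pre-existing rather than introduced by the brace removal.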
@@ -1,6 +1,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class SK + internal class SK { internal byte[] seed; internal byte[] prf; @@ -11,4 +11,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus this.prf = prf; } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs index c9176ecaa..f7617f3c1 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs @@ -10,7 +10,7 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - internal abstract class SPHINCSPlusEngine + internal abstract class SphincsPlusEngine { bool robust; @@ -30,7 +30,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus internal uint T; // T = 1 << A - public SPHINCSPlusEngine(bool robust, int n, uint w, uint d, int a, int k, uint h) + public SphincsPlusEngine(bool robust, int n, uint w, uint d, int a, int k, uint h) { this.N = n; @@ -100,12 +100,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus public abstract byte[] T_l(byte[] pkSeed, Adrs adrs, byte[] m); - public abstract byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs); + public abstract void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff); public abstract byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message); internal class Sha2Engine - : SPHINCSPlusEngine + : SphincsPlusEngine { private HMac treeHMac; private Mgf1BytesGenerator mgf1; 
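Review bot: The new `PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff)` contract — the overrides write `N` bytes at `prfOff` (Sha2Engine uses `skSeed.Length`) with no bounds check — is not stated on the abstract declaration, and the output-buffer convention differs from the sibling `T_l`/`PRF_msg`, which return arrays. Suggest `/// Writes the N-byte PRF output for adrs into prf[prfOff..prfOff + N); the caller supplies a buffer large enough.` above the abstract member so implementers and callers agree on it.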
@@ -207,33 +207,25 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus uint treeBits = FH - leafBits; uint leafBytes = (leafBits + 7) / 8; uint treeBytes = (treeBits + 7) / 8; - uint m = (uint)forsMsgBytes + leafBytes + treeBytes; - byte[] output = new byte[m]; - byte[] dig = new byte[msgDigest.GetDigestSize()]; + uint m = (uint)forsMsgBytes + treeBytes + leafBytes; + byte[] dig = new byte[msgDigest.GetDigestSize()]; msgDigest.BlockUpdate(prf, 0, prf.Length); msgDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); msgDigest.BlockUpdate(pkRoot, 0, pkRoot.Length); msgDigest.BlockUpdate(message, 0, message.Length); msgDigest.DoFinal(dig, 0); - + byte[] output = new byte[m]; output = Bitmask(Arrays.ConcatenateAll(prf, pkSeed, dig), output); // tree index // currently, only indexes up to 64 bits are supported - byte[] treeIndexBuf = new byte[8]; - Array.Copy(output, forsMsgBytes, treeIndexBuf, 8 - treeBytes, treeBytes); - ulong treeIndex = Pack.BE_To_UInt64(treeIndexBuf, 0); - if (64 - treeBits != 0) - treeIndex &= (ulong)((0x7fffffffffffffffL) >> (int)(64 - treeBits - 1)); + ulong treeIndex = Pack.BE_To_UInt64_Partial(output, forsMsgBytes, (int)treeBytes) + & ulong.MaxValue >> (64 - (int)treeBits); - byte[] leafIndexBuf = new byte[4]; - Array.Copy(output, forsMsgBytes + treeBytes, leafIndexBuf, 4 - leafBytes, leafBytes); - - uint leafIndex = Pack.BE_To_UInt32(leafIndexBuf, 0); - if (32 - leafBits != 0) - leafIndex &= (uint)((0x7fffffff) >> (int)(32 - leafBits - 1));//todo??? + uint leafIndex = Pack.BE_To_UInt32_Partial(output, forsMsgBytes + (int)treeBytes, (int)leafBytes) + & uint.MaxValue >> (32 - (int)leafBits); return new IndexedDigest(treeIndex, leafIndex, Arrays.CopyOfRange(output, 0, forsMsgBytes)); } 
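Review bot: The new index masks `ulong.MaxValue >> (64 - (int)treeBits)` and `uint.MaxValue >> (32 - (int)leafBits)` are only correct for 0 < treeBits <= 64 and 0 < leafBits <= 32: C# masks the shift count, so a shift by 64 or 32 is a no-op and a zero-bit field would produce an all-ones mask instead of zero, and a zero `treeBytes`/`leafBytes` would not be rejected by the `_Partial` readers outside Debug builds. Every parameter set in this commit gives `leafBits = FH / D` inside that range, so this is a precondition rather than a bug; a `Debug.Assert(0 < leafBits && leafBits <= 32 && 0 < treeBits && treeBits <= 64);` after `treeBits` is computed would pin it, and parenthesising the shift would make the intended `&`/`>>` precedence explicit. The same expressions appear in the Shake256Engine (`@@ -415,31 +407,22 @@`) and HarakaSEngine (`@@ -582,34 +564,26 @@`) H_msg hunks.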
@@ -256,7 +248,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return Arrays.CopyOfRange(msgDigestBuf, 0, N); } - public override byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs) + public override void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff) { int n = skSeed.Length; @@ -268,7 +260,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus sha256.BlockUpdate(skSeed, 0, skSeed.Length); sha256.DoFinal(sha256Buf, 0); - return Arrays.CopyOfRange(sha256Buf, 0, n); + Array.Copy(sha256Buf, 0, prf, prfOff, n); } public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message) @@ -350,7 +342,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } internal class Shake256Engine - : SPHINCSPlusEngine + : SphincsPlusEngine { private IXof treeDigest; private IXof maskDigest; 
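Review bot: Sha2Engine.PRF copies `n = skSeed.Length` bytes into `prf`, whereas the Shake256 and HarakaS overrides in the later hunks copy `N`; the two agree when `skSeed` has length N, but deriving the output length from an argument makes the new `prf`/`prfOff` contract depend on the caller rather than on the engine parameter. Using `Array.Copy(sha256Buf, 0, prf, prfOff, N);` here keeps all three implementations writing the same number of bytes. Whether the absorb at the top of the method also relies on `n` is outside the hunk.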
@@ -415,31 +407,22 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus uint treeBits = FH - leafBits; uint leafBytes = (leafBits + 7) / 8; uint treeBytes = (treeBits + 7) / 8; - uint m = (uint)(forsMsgBytes + leafBytes + treeBytes); + uint m = (uint)(forsMsgBytes + treeBytes + leafBytes); byte[] output = new byte[m]; - treeDigest.BlockUpdate(R, 0, R.Length); treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); treeDigest.BlockUpdate(pkRoot, 0, pkRoot.Length); treeDigest.BlockUpdate(message, 0, message.Length); - treeDigest.DoFinal(output, 0, output.Length); // tree index // currently, only indexes up to 64 bits are supported - byte[] treeIndexBuf = new byte[8]; - Array.Copy(output, forsMsgBytes, treeIndexBuf, 8 - treeBytes, treeBytes); - ulong treeIndex = Pack.BE_To_UInt64(treeIndexBuf, 0); - if (64 - treeBits != 0) - treeIndex &= (ulong)((0x7fffffffffffffffL) >> (64 - (int)treeBits - 1)); - - byte[] leafIndexBuf = new byte[4]; - Array.Copy(output, forsMsgBytes + treeBytes, leafIndexBuf, 4 - leafBytes, leafBytes); + ulong treeIndex = Pack.BE_To_UInt64_Partial(output, forsMsgBytes, (int)treeBytes) + & ulong.MaxValue >> (64 - (int)treeBits); - uint leafIndex = Pack.BE_To_UInt32(leafIndexBuf, 0); - if (32 - leafBits != 0) - leafIndex &= (uint)((0x7fffffff) >> (32 - (int)leafBits - 1)); + uint leafIndex = Pack.BE_To_UInt32_Partial(output, forsMsgBytes + (int)treeBytes, (int)leafBytes) + & uint.MaxValue >> (32 - (int)leafBits); return new IndexedDigest(treeIndex, leafIndex, Arrays.CopyOfRange(output, 0, forsMsgBytes)); } 
@@ -462,15 +445,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return rv; } - public override byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs) + public override void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff) { treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length); treeDigest.BlockUpdate(skSeed, 0, skSeed.Length); - - byte[] prf = new byte[N]; - treeDigest.DoFinal(prf, 0, N); - return prf; + treeDigest.DoFinal(prf, prfOff, N); } public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message) @@ -499,6 +479,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return mask; } + protected byte[] Bitmask(byte[] pkSeed, Adrs adrs, byte[] m1, byte[] m2) { byte[] mask = new byte[m1.Length + m2.Length]; @@ -523,13 +504,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } internal class HarakaSEngine - : SPHINCSPlusEngine + : SphincsPlusEngine { public HarakaSXof harakaSXof; public HarakaS256Digest harakaS256Digest; public HarakaS512Digest harakaS512Digest; - public HarakaSEngine(bool robust, int n, uint w, uint d, int a, int k, uint h) : base(robust, n, w, d, a, k, h) + public HarakaSEngine(bool robust, int n, uint w, uint d, int a, int k, uint h) + : base(robust, n, w, d, a, k, h) { } @@ -561,7 +543,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } // NOTE The digest implementation implicitly pads the input with zeros up to 64 length harakaS512Digest.DoFinal(hash, 0); - return Arrays.CopyOfRange(hash, 0, N); + return N == 32 ? hash : Arrays.CopyOfRange(hash, 0, N); } public override byte[] H(byte[] pkSeed, Adrs adrs, byte[] m1, byte[] m2) 
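Review bot: `return N == 32 ? hash : Arrays.CopyOfRange(hash, 0, N);` hands the `hash` buffer itself to the caller when N is 32; that is fine if `hash` is a local allocated per call (its declaration is outside the hunk), but if it is a reused field the returned array aliases the engine's scratch state and is overwritten by the next `F` call while callers such as `TreeHash` still hold it on the node stack. A comment on this line, `// hash is a fresh per-call buffer, so it is safe to return without copying`, or a clone if that is not the case, settles it for the reader.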
@@ -582,34 +564,26 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus int forsMsgBytes = ((A * K) + 7) >> 3; uint leafBits = FH / D; uint treeBits = FH - leafBits; - uint leafBytes = (leafBits + 7) >>3; - uint treeBytes = (treeBits + 7) >>3; - uint m = (uint)(forsMsgBytes + leafBytes + treeBytes); - byte[] output = new byte[forsMsgBytes + leafBytes + treeBytes]; + uint leafBytes = (leafBits + 7) >> 3; + uint treeBytes = (treeBits + 7) >> 3; + + byte[] output = new byte[forsMsgBytes + treeBytes + leafBytes]; harakaSXof.BlockUpdate(prf, 0, prf.Length); harakaSXof.BlockUpdate(pkRoot, 0, pkRoot.Length); harakaSXof.BlockUpdate(message, 0, message.Length); harakaSXof.DoFinal(output, 0, output.Length); + // tree index // currently, only indexes up to 64 bits are supported - byte[] treeIndexBuf = new byte[8]; - Array.Copy(output, forsMsgBytes, treeIndexBuf, 8 - treeBytes, treeBytes); - ulong treeIndex = Pack.BE_To_UInt64(treeIndexBuf, 0); - if (64 - treeBits != 0) - treeIndex &= (ulong)((0x7fffffffffffffffL) >> (64 - (int)treeBits - 1)); - - byte[] leafIndexBuf = new byte[4]; - Array.Copy(output, forsMsgBytes + treeBytes, leafIndexBuf, 4 - leafBytes, leafBytes); + ulong treeIndex = Pack.BE_To_UInt64_Partial(output, forsMsgBytes, (int)treeBytes) + & ulong.MaxValue >> (64 - (int)treeBits); - uint leafIndex = Pack.BE_To_UInt32(leafIndexBuf, 0); - if (32 - leafBits != 0) - leafIndex &= (uint)((0x7fffffff) >> (32 - (int)leafBits - 1)); + uint leafIndex = Pack.BE_To_UInt32_Partial(output, forsMsgBytes + (int)treeBytes, (int)leafBytes) + & uint.MaxValue >> (32 - (int)leafBits); return new IndexedDigest(treeIndex, leafIndex, Arrays.CopyOfRange(output, 0, forsMsgBytes)); } - - public override byte[] T_l(byte[] pkSeed, Adrs adrs, byte[] m) { byte[] rv = new byte[N]; 
@@ -620,13 +594,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return rv; } - public override byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs) + public override void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff) { - byte[] rv = new byte[64]; + byte[] rv = new byte[32]; harakaS512Digest.BlockUpdate(adrs.value, 0, adrs.value.Length); harakaS512Digest.BlockUpdate(skSeed, 0, skSeed.Length); harakaS512Digest.DoFinal(rv, 0); - return Arrays.CopyOfRange(rv, 0, N); + Array.Copy(rv, 0, prf, prfOff, N); } public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message) @@ -650,10 +624,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { m[i] ^= mask[i]; } - return m; } return m; } } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs index 2239d1162..12339ddc6 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs @@ -3,17 +3,17 @@ using Org.BouncyCastle.Security; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - public class SPHINCSPlusKeyGenerationParameters + public sealed class SphincsPlusKeyGenerationParameters : KeyGenerationParameters { - private SPHINCSPlusParameters parameters; + private readonly SphincsPlusParameters m_parameters; - public SPHINCSPlusKeyGenerationParameters(SecureRandom random, SPHINCSPlusParameters parameters) + public SphincsPlusKeyGenerationParameters(SecureRandom random, SphincsPlusParameters parameters) : base(random, 256) { - this.parameters = parameters; + m_parameters = parameters; } - internal SPHINCSPlusParameters Parameters => parameters; + public SphincsPlusParameters Parameters => m_parameters; } -} \ No newline at end of file +} 
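Review bot: `rv` shrinks from 64 to 32 bytes in HarakaSEngine.PRF, which relies on `harakaS512Digest.DoFinal(rv, 0)` writing exactly 32 bytes; `DoFinal` is not visible here, so that should be confirmed, and if the digest implements `IDigest` the size need not be hard-coded: `byte[] rv = new byte[harakaS512Digest.GetDigestSize()];`. The following `Array.Copy(rv, 0, prf, prfOff, N)` additionally assumes N <= 32, which the parameter sets in this commit satisfy.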
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs index 0eaf9557a..ed96b70e5 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs @@ -1,30 +1,30 @@ using System; + using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Security; -using static Org.BouncyCastle.Pqc.Crypto.SphincsPlus.SPHINCSPlusEngine; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - public class SPHINCSPlusKeyPairGenerator + public sealed class SphincsPlusKeyPairGenerator : IAsymmetricCipherKeyPairGenerator { private SecureRandom random; - private SPHINCSPlusParameters parameters; + private SphincsPlusParameters parameters; public void Init(KeyGenerationParameters param) { random = param.Random; - parameters = ((SPHINCSPlusKeyGenerationParameters)param).Parameters; + parameters = ((SphincsPlusKeyGenerationParameters)param).Parameters; } public AsymmetricCipherKeyPair GenerateKeyPair() { - SPHINCSPlusEngine engine = parameters.GetEngine(); + SphincsPlusEngine engine = parameters.GetEngine(); byte[] pkSeed; SK sk; - if (engine is SPHINCSPlusEngine.HarakaSEngine) + if (engine is SphincsPlusEngine.HarakaSEngine) { // required to pass kat tests byte[] tmparray = SecRand(engine.N * 3); @@ -45,8 +45,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus // TODO PK pk = new PK(pkSeed, new HT(engine, sk.seed, pkSeed).HTPubKey); - return new AsymmetricCipherKeyPair(new SPHINCSPlusPublicKeyParameters(parameters, pk), - new SPHINCSPlusPrivateKeyParameters(parameters, sk, pk)); + return new AsymmetricCipherKeyPair(new SphincsPlusPublicKeyParameters(parameters, pk), + new SphincsPlusPrivateKeyParameters(parameters, sk, pk)); } private byte[] SecRand(int n) 
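Review bot: `Init` still uses an unchecked cast, `((SphincsPlusKeyGenerationParameters)param).Parameters`, so passing another `KeyGenerationParameters` subclass surfaces as an `InvalidCastException` rather than an argument error. A pattern check keeps it to two lines: `if (!(param is SphincsPlusKeyGenerationParameters sphincsParams)) throw new ArgumentException("unsupported parameters", nameof(param)); parameters = sphincsParams.Parameters;`. The `// required to pass kat tests` and bare `// TODO` comments around the HarakaSEngine branch survive the refactor but still do not say why that engine draws `engine.N * 3` bytes in one call; a sentence there would help.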
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs index 8a8edf653..82220f9db 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs @@ -2,20 +2,17 @@ using Org.BouncyCastle.Crypto; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - public class SPHINCSPlusKeyParameters + public abstract class SphincsPlusKeyParameters : AsymmetricKeyParameter { - SPHINCSPlusParameters parameters; + protected readonly SphincsPlusParameters m_parameters; - protected SPHINCSPlusKeyParameters(bool isPrivate, SPHINCSPlusParameters parameters) + protected SphincsPlusKeyParameters(bool isPrivate, SphincsPlusParameters parameters) : base(isPrivate) { - this.parameters = parameters; + m_parameters = parameters; } - public SPHINCSPlusParameters GetParameters() - { - return parameters; - } + public SphincsPlusParameters Parameters => m_parameters; } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs index 9714ed847..97a9fe71a 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs 
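Review bot: Replacing the public `GetParameters()` method with the `Parameters` property is a source and binary break for consumers of this public type, on top of the class rename; if the old member must keep working for a release, an `[Obsolete("Use Parameters")] public SphincsPlusParameters GetParameters() => m_parameters;` shim is cheap. Making the class `abstract` and the field `protected readonly` is an improvement.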
@@ -1,114 +1,111 @@ -using System; using System.Collections.Generic; + using Org.BouncyCastle.Crypto.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - interface ISPHINCSPlusEngineProvider + internal interface ISphincsPlusEngineProvider { - int N - { - get; - } + int N { get; } - SPHINCSPlusEngine Get(); + SphincsPlusEngine Get(); } - public class SPHINCSPlusParameters + public sealed class SphincsPlusParameters { - public static SPHINCSPlusParameters sha2_128f = new SPHINCSPlusParameters("sha2-128f-robust", + public static SphincsPlusParameters sha2_128f = new SphincsPlusParameters("sha2-128f-robust", new Sha2EngineProvider(true, 16, 16, 22, 6, 33, 66)); - public static SPHINCSPlusParameters sha2_128s = new SPHINCSPlusParameters("sha2-128s-robust", + public static SphincsPlusParameters sha2_128s = new SphincsPlusParameters("sha2-128s-robust", new Sha2EngineProvider(true, 16, 16, 7, 12, 14, 63)); - public static SPHINCSPlusParameters sha2_192f = new SPHINCSPlusParameters("sha2-192f-robust", + public static SphincsPlusParameters sha2_192f = new SphincsPlusParameters("sha2-192f-robust", new Sha2EngineProvider(true, 24, 16, 22, 8, 33, 66)); - public static SPHINCSPlusParameters sha2_192s = new SPHINCSPlusParameters("sha2-192s-robust", + public static SphincsPlusParameters sha2_192s = new SphincsPlusParameters("sha2-192s-robust", new Sha2EngineProvider(true, 24, 16, 7, 14, 17, 63)); - public static SPHINCSPlusParameters sha2_256f = new SPHINCSPlusParameters("sha2-256f-robust", + public static SphincsPlusParameters sha2_256f = new SphincsPlusParameters("sha2-256f-robust", new Sha2EngineProvider(true, 32, 16, 17, 9, 35, 68)); - public static SPHINCSPlusParameters sha2_256s = new SPHINCSPlusParameters("sha2-256s-robust", + public static SphincsPlusParameters sha2_256s = new SphincsPlusParameters("sha2-256s-robust", new Sha2EngineProvider(true, 32, 16, 8, 14, 22, 64)); - public static SPHINCSPlusParameters sha2_128f_simple = new 
SPHINCSPlusParameters("sha2-128f-simple", + public static SphincsPlusParameters sha2_128f_simple = new SphincsPlusParameters("sha2-128f-simple", new Sha2EngineProvider(false, 16, 16, 22, 6, 33, 66)); - public static SPHINCSPlusParameters sha2_128s_simple = new SPHINCSPlusParameters("sha2-128s-simple", + public static SphincsPlusParameters sha2_128s_simple = new SphincsPlusParameters("sha2-128s-simple", new Sha2EngineProvider(false, 16, 16, 7, 12, 14, 63)); - public static SPHINCSPlusParameters sha2_192f_simple = new SPHINCSPlusParameters("sha2-192f-simple", + public static SphincsPlusParameters sha2_192f_simple = new SphincsPlusParameters("sha2-192f-simple", new Sha2EngineProvider(false, 24, 16, 22, 8, 33, 66)); - public static SPHINCSPlusParameters sha2_192s_simple = new SPHINCSPlusParameters("sha2-192s-simple", + public static SphincsPlusParameters sha2_192s_simple = new SphincsPlusParameters("sha2-192s-simple", new Sha2EngineProvider(false, 24, 16, 7, 14, 17, 63)); - public static SPHINCSPlusParameters sha2_256f_simple = new SPHINCSPlusParameters("sha2-256f-simple", + public static SphincsPlusParameters sha2_256f_simple = new SphincsPlusParameters("sha2-256f-simple", new Sha2EngineProvider(false, 32, 16, 17, 9, 35, 68)); - public static SPHINCSPlusParameters sha2_256s_simple = new SPHINCSPlusParameters("sha2-256s-simple", + public static SphincsPlusParameters sha2_256s_simple = new SphincsPlusParameters("sha2-256s-simple", new Sha2EngineProvider(false, 32, 16, 8, 14, 22, 64)); // SHAKE-256. 
- public static SPHINCSPlusParameters shake_128f = new SPHINCSPlusParameters("shake-128f-robust", + public static SphincsPlusParameters shake_128f = new SphincsPlusParameters("shake-128f-robust", new Shake256EngineProvider(true, 16, 16, 22, 6, 33, 66)); - public static SPHINCSPlusParameters shake_128s = new SPHINCSPlusParameters("shake-128s-robust", + public static SphincsPlusParameters shake_128s = new SphincsPlusParameters("shake-128s-robust", new Shake256EngineProvider(true, 16, 16, 7, 12, 14, 63)); - public static SPHINCSPlusParameters shake_192f = new SPHINCSPlusParameters("shake-192f-robust", + public static SphincsPlusParameters shake_192f = new SphincsPlusParameters("shake-192f-robust", new Shake256EngineProvider(true, 24, 16, 22, 8, 33, 66)); - public static SPHINCSPlusParameters shake_192s = new SPHINCSPlusParameters("shake-192s-robust", + public static SphincsPlusParameters shake_192s = new SphincsPlusParameters("shake-192s-robust", new Shake256EngineProvider(true, 24, 16, 7, 14, 17, 63)); - public static SPHINCSPlusParameters shake_256f = new SPHINCSPlusParameters("shake-256f-robust", + public static SphincsPlusParameters shake_256f = new SphincsPlusParameters("shake-256f-robust", new Shake256EngineProvider(true, 32, 16, 17, 9, 35, 68)); - public static SPHINCSPlusParameters shake_256s = new SPHINCSPlusParameters("shake-256s-robust", + public static SphincsPlusParameters shake_256s = new SphincsPlusParameters("shake-256s-robust", new Shake256EngineProvider(true, 32, 16, 8, 14, 22, 64)); - public static SPHINCSPlusParameters shake_128f_simple = new SPHINCSPlusParameters("shake-128f-simple", + public static SphincsPlusParameters shake_128f_simple = new SphincsPlusParameters("shake-128f-simple", new Shake256EngineProvider(false, 16, 16, 22, 6, 33, 66)); - public static SPHINCSPlusParameters shake_128s_simple = new SPHINCSPlusParameters("shake-128s-simple", + public static SphincsPlusParameters shake_128s_simple = new 
SphincsPlusParameters("shake-128s-simple", new Shake256EngineProvider(false, 16, 16, 7, 12, 14, 63)); - public static SPHINCSPlusParameters shake_192f_simple = new SPHINCSPlusParameters("shake-192f-simple", + public static SphincsPlusParameters shake_192f_simple = new SphincsPlusParameters("shake-192f-simple", new Shake256EngineProvider(false, 24, 16, 22, 8, 33, 66)); - public static SPHINCSPlusParameters shake_192s_simple = new SPHINCSPlusParameters("shake-192s-simple", + public static SphincsPlusParameters shake_192s_simple = new SphincsPlusParameters("shake-192s-simple", new Shake256EngineProvider(false, 24, 16, 7, 14, 17, 63)); - public static SPHINCSPlusParameters shake_256f_simple = new SPHINCSPlusParameters("shake-256f-simple", + public static SphincsPlusParameters shake_256f_simple = new SphincsPlusParameters("shake-256f-simple", new Shake256EngineProvider(false, 32, 16, 17, 9, 35, 68)); - public static SPHINCSPlusParameters shake_256s_simple = new SPHINCSPlusParameters("shake-256s-simple", + public static SphincsPlusParameters shake_256s_simple = new SphincsPlusParameters("shake-256s-simple", new Shake256EngineProvider(false, 32, 16, 8, 14, 22, 64)); // Haraka. 
- public static SPHINCSPlusParameters haraka_128f = new SPHINCSPlusParameters("haraka-128f-robust", new Haraka256EngineProvider(true, 16, 16, 22, 6, 33, 66)); - public static SPHINCSPlusParameters haraka_128s = new SPHINCSPlusParameters("haraka-128s-robust", new Haraka256EngineProvider(true, 16, 16, 7, 12, 14, 63)); + public static SphincsPlusParameters haraka_128f = new SphincsPlusParameters("haraka-128f-robust", new Haraka256EngineProvider(true, 16, 16, 22, 6, 33, 66)); + public static SphincsPlusParameters haraka_128s = new SphincsPlusParameters("haraka-128s-robust", new Haraka256EngineProvider(true, 16, 16, 7, 12, 14, 63)); - public static SPHINCSPlusParameters haraka_256f = new SPHINCSPlusParameters("haraka-256f-robust", new Haraka256EngineProvider(true, 32, 16, 17, 9, 35, 68)); - public static SPHINCSPlusParameters haraka_256s = new SPHINCSPlusParameters("haraka-256s-robust", new Haraka256EngineProvider(true, 32, 16, 8, 14, 22, 64)); + public static SphincsPlusParameters haraka_256f = new SphincsPlusParameters("haraka-256f-robust", new Haraka256EngineProvider(true, 32, 16, 17, 9, 35, 68)); + public static SphincsPlusParameters haraka_256s = new SphincsPlusParameters("haraka-256s-robust", new Haraka256EngineProvider(true, 32, 16, 8, 14, 22, 64)); - public static SPHINCSPlusParameters haraka_192f = new SPHINCSPlusParameters("haraka-192f-robust", new Haraka256EngineProvider(true, 24, 16, 22, 8, 33, 66)); - public static SPHINCSPlusParameters haraka_192s = new SPHINCSPlusParameters("haraka-192s-robust", new Haraka256EngineProvider(true, 24, 16, 7, 14, 17, 63)); + public static SphincsPlusParameters haraka_192f = new SphincsPlusParameters("haraka-192f-robust", new Haraka256EngineProvider(true, 24, 16, 22, 8, 33, 66)); + public static SphincsPlusParameters haraka_192s = new SphincsPlusParameters("haraka-192s-robust", new Haraka256EngineProvider(true, 24, 16, 7, 14, 17, 63)); - public static SPHINCSPlusParameters haraka_128f_simple = new 
SPHINCSPlusParameters("haraka-128f-simple", new Haraka256EngineProvider(false, 16, 16, 22, 6, 33, 66)); - public static SPHINCSPlusParameters haraka_128s_simple = new SPHINCSPlusParameters("haraka-128s-simple", new Haraka256EngineProvider(false, 16, 16, 7, 12, 14, 63)); + public static SphincsPlusParameters haraka_128f_simple = new SphincsPlusParameters("haraka-128f-simple", new Haraka256EngineProvider(false, 16, 16, 22, 6, 33, 66)); + public static SphincsPlusParameters haraka_128s_simple = new SphincsPlusParameters("haraka-128s-simple", new Haraka256EngineProvider(false, 16, 16, 7, 12, 14, 63)); - public static SPHINCSPlusParameters haraka_192f_simple = new SPHINCSPlusParameters("haraka-192f-simple", new Haraka256EngineProvider(false, 24, 16, 22, 8, 33, 66)); - public static SPHINCSPlusParameters haraka_192s_simple = new SPHINCSPlusParameters("haraka-192s-simple", new Haraka256EngineProvider(false, 24, 16, 7, 14, 17, 63)); + public static SphincsPlusParameters haraka_192f_simple = new SphincsPlusParameters("haraka-192f-simple", new Haraka256EngineProvider(false, 24, 16, 22, 8, 33, 66)); + public static SphincsPlusParameters haraka_192s_simple = new SphincsPlusParameters("haraka-192s-simple", new Haraka256EngineProvider(false, 24, 16, 7, 14, 17, 63)); - public static SPHINCSPlusParameters haraka_256f_simple = new SPHINCSPlusParameters("haraka-256f-simple", new Haraka256EngineProvider(false, 32, 16, 17, 9, 35, 68)); - public static SPHINCSPlusParameters haraka_256s_simple = new SPHINCSPlusParameters("haraka-256s-simple", new Haraka256EngineProvider(false, 32, 16, 8, 14, 22, 64)); + public static SphincsPlusParameters haraka_256f_simple = new SphincsPlusParameters("haraka-256f-simple", new Haraka256EngineProvider(false, 32, 16, 17, 9, 35, 68)); + public static SphincsPlusParameters haraka_256s_simple = new SphincsPlusParameters("haraka-256s-simple", new Haraka256EngineProvider(false, 32, 16, 8, 14, 22, 64)); private static uint sphincsPlus_sha2_128f_robust = 
0x010101; 
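Review bot: Every parameter-set field rewritten in this hunk stays a mutable `public static` field (`public static SphincsPlusParameters sha2_128f = new SphincsPlusParameters(...)`), so any code in the process can reassign `SphincsPlusParameters.sha2_128f` to a different instance. Because `paramsToOid` in the next hunk is keyed by the instance, a key built from a replaced instance would then fail `GetID` with a `KeyNotFoundException` (unless `Equals` is overridden somewhere the diff does not show), and the OID-to-parameters mapping would silently disagree with the public field. Since the lines are being rewritten anyway, `public static readonly SphincsPlusParameters sha2_128f = ...` closes this, and the same applies to `oidToParams` and `paramsToOid` in the following hunk, which can be `private static readonly`.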
@@ -154,112 +151,112 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus private static uint sphincsPlus_haraka_256s_simple = 0x030206; - private static Dictionary<uint, SPHINCSPlusParameters> oidToParams = new Dictionary<uint, SPHINCSPlusParameters>(); - private static Dictionary<SPHINCSPlusParameters, uint> paramsToOid = new Dictionary<SPHINCSPlusParameters, uint>(); + private static Dictionary<uint, SphincsPlusParameters> oidToParams = new Dictionary<uint, SphincsPlusParameters>(); + private static Dictionary<SphincsPlusParameters, uint> paramsToOid = new Dictionary<SphincsPlusParameters, uint>(); - static SPHINCSPlusParameters() + static SphincsPlusParameters() { - oidToParams[sphincsPlus_sha2_128f_robust] = SPHINCSPlusParameters.sha2_128f; - oidToParams[sphincsPlus_sha2_128s_robust] = SPHINCSPlusParameters.sha2_128s; - oidToParams[sphincsPlus_sha2_192f_robust] = SPHINCSPlusParameters.sha2_192f; - oidToParams[sphincsPlus_sha2_192s_robust] = SPHINCSPlusParameters.sha2_192s; - oidToParams[sphincsPlus_sha2_256f_robust] = SPHINCSPlusParameters.sha2_256f; - oidToParams[sphincsPlus_sha2_256s_robust] = SPHINCSPlusParameters.sha2_256s; - - oidToParams[sphincsPlus_sha2_128f_simple] = SPHINCSPlusParameters.sha2_128f_simple; - oidToParams[sphincsPlus_sha2_128s_simple] = SPHINCSPlusParameters.sha2_128s_simple; - oidToParams[sphincsPlus_sha2_192f_simple] = SPHINCSPlusParameters.sha2_192f_simple; - oidToParams[sphincsPlus_sha2_192s_simple] = SPHINCSPlusParameters.sha2_192s_simple; - oidToParams[sphincsPlus_sha2_256f_simple] = SPHINCSPlusParameters.sha2_256f_simple; - oidToParams[sphincsPlus_sha2_256s_simple] = SPHINCSPlusParameters.sha2_256s_simple; - - oidToParams[sphincsPlus_shake_128f_robust] = SPHINCSPlusParameters.shake_128f; - oidToParams[sphincsPlus_shake_128s_robust] = SPHINCSPlusParameters.shake_128s; - oidToParams[sphincsPlus_shake_192f_robust] = SPHINCSPlusParameters.shake_192f; - oidToParams[sphincsPlus_shake_192s_robust] = SPHINCSPlusParameters.shake_192s; - 
oidToParams[sphincsPlus_shake_256f_robust] = SPHINCSPlusParameters.shake_256f; - oidToParams[sphincsPlus_shake_256s_robust] = SPHINCSPlusParameters.shake_256s; - - oidToParams[sphincsPlus_shake_128f_simple] = SPHINCSPlusParameters.shake_128f_simple; - oidToParams[sphincsPlus_shake_128s_simple] = SPHINCSPlusParameters.shake_128s_simple; - oidToParams[sphincsPlus_shake_192f_simple] = SPHINCSPlusParameters.shake_192f_simple; - oidToParams[sphincsPlus_shake_192s_simple] = SPHINCSPlusParameters.shake_192s_simple; - oidToParams[sphincsPlus_shake_256f_simple] = SPHINCSPlusParameters.shake_256f_simple; - oidToParams[sphincsPlus_shake_256s_simple] = SPHINCSPlusParameters.shake_256s_simple; - - oidToParams[sphincsPlus_haraka_128f_simple] = SPHINCSPlusParameters.haraka_128f_simple; - oidToParams[sphincsPlus_haraka_128f_robust] = SPHINCSPlusParameters.haraka_128f; - oidToParams[sphincsPlus_haraka_192f_simple] = SPHINCSPlusParameters.haraka_192f_simple; - oidToParams[sphincsPlus_haraka_192f_robust] = SPHINCSPlusParameters.haraka_192f; - oidToParams[sphincsPlus_haraka_256f_simple] = SPHINCSPlusParameters.haraka_256f_simple; - oidToParams[sphincsPlus_haraka_256f_robust] = SPHINCSPlusParameters.haraka_256f; - - oidToParams[sphincsPlus_haraka_128s_simple] = SPHINCSPlusParameters.haraka_128s_simple; - oidToParams[sphincsPlus_haraka_128s_robust] = SPHINCSPlusParameters.haraka_128s; - oidToParams[sphincsPlus_haraka_192s_simple] = SPHINCSPlusParameters.haraka_192s_simple; - oidToParams[sphincsPlus_haraka_192s_robust] = SPHINCSPlusParameters.haraka_192s; - oidToParams[sphincsPlus_haraka_256s_simple] = SPHINCSPlusParameters.haraka_256s_simple; - oidToParams[sphincsPlus_haraka_256s_robust] = SPHINCSPlusParameters.haraka_256s; - - - paramsToOid[SPHINCSPlusParameters.sha2_128f] = sphincsPlus_sha2_128f_robust; - paramsToOid[SPHINCSPlusParameters.sha2_128s] = sphincsPlus_sha2_128s_robust; - paramsToOid[SPHINCSPlusParameters.sha2_192f] = sphincsPlus_sha2_192f_robust; - 
paramsToOid[SPHINCSPlusParameters.sha2_192s] = sphincsPlus_sha2_192s_robust; - paramsToOid[SPHINCSPlusParameters.sha2_256f] = sphincsPlus_sha2_256f_robust; - paramsToOid[SPHINCSPlusParameters.sha2_256s] = sphincsPlus_sha2_256s_robust; - - paramsToOid[SPHINCSPlusParameters.sha2_128f_simple] = sphincsPlus_sha2_128f_simple; - paramsToOid[SPHINCSPlusParameters.sha2_128s_simple] = sphincsPlus_sha2_128s_simple; - paramsToOid[SPHINCSPlusParameters.sha2_192f_simple] = sphincsPlus_sha2_192f_simple; - paramsToOid[SPHINCSPlusParameters.sha2_192s_simple] = sphincsPlus_sha2_192s_simple; - paramsToOid[SPHINCSPlusParameters.sha2_256f_simple] = sphincsPlus_sha2_256f_simple; - paramsToOid[SPHINCSPlusParameters.sha2_256s_simple] = sphincsPlus_sha2_256s_simple; - - paramsToOid[SPHINCSPlusParameters.shake_128f] = sphincsPlus_shake_128f_robust; - paramsToOid[SPHINCSPlusParameters.shake_128s] = sphincsPlus_shake_128s_robust; - paramsToOid[SPHINCSPlusParameters.shake_192f] = sphincsPlus_shake_192f_robust; - paramsToOid[SPHINCSPlusParameters.shake_192s] = sphincsPlus_shake_192s_robust; - paramsToOid[SPHINCSPlusParameters.shake_256f] = sphincsPlus_shake_256f_robust; - paramsToOid[SPHINCSPlusParameters.shake_256s] = sphincsPlus_shake_256s_robust; - - paramsToOid[SPHINCSPlusParameters.shake_128f_simple] = sphincsPlus_shake_128f_simple; - paramsToOid[SPHINCSPlusParameters.shake_128s_simple] = sphincsPlus_shake_128s_simple; - paramsToOid[SPHINCSPlusParameters.shake_192f_simple] = sphincsPlus_shake_192f_simple; - paramsToOid[SPHINCSPlusParameters.shake_192s_simple] = sphincsPlus_shake_192s_simple; - paramsToOid[SPHINCSPlusParameters.shake_256f_simple] = sphincsPlus_shake_256f_simple; - paramsToOid[SPHINCSPlusParameters.shake_256s_simple] = sphincsPlus_shake_256s_simple; - - paramsToOid[SPHINCSPlusParameters.haraka_128f_simple] = sphincsPlus_haraka_128f_simple; - paramsToOid[SPHINCSPlusParameters.haraka_192f_simple] = sphincsPlus_haraka_192f_simple; - 
paramsToOid[SPHINCSPlusParameters.haraka_256f_simple] = sphincsPlus_haraka_256f_simple; - paramsToOid[SPHINCSPlusParameters.haraka_128s_simple] = sphincsPlus_haraka_128s_simple; - paramsToOid[SPHINCSPlusParameters.haraka_192s_simple] = sphincsPlus_haraka_192s_simple; - paramsToOid[SPHINCSPlusParameters.haraka_256s_simple] = sphincsPlus_haraka_256s_simple; - paramsToOid[SPHINCSPlusParameters.haraka_128f] = sphincsPlus_haraka_128f_robust; - paramsToOid[SPHINCSPlusParameters.haraka_192f] = sphincsPlus_haraka_192f_robust; - paramsToOid[SPHINCSPlusParameters.haraka_256f] = sphincsPlus_haraka_256f_robust; - paramsToOid[SPHINCSPlusParameters.haraka_128s] = sphincsPlus_haraka_128s_robust; - paramsToOid[SPHINCSPlusParameters.haraka_192s] = sphincsPlus_haraka_192s_robust; - paramsToOid[SPHINCSPlusParameters.haraka_256s] = sphincsPlus_haraka_256s_robust; + oidToParams[sphincsPlus_sha2_128f_robust] = SphincsPlusParameters.sha2_128f; + oidToParams[sphincsPlus_sha2_128s_robust] = SphincsPlusParameters.sha2_128s; + oidToParams[sphincsPlus_sha2_192f_robust] = SphincsPlusParameters.sha2_192f; + oidToParams[sphincsPlus_sha2_192s_robust] = SphincsPlusParameters.sha2_192s; + oidToParams[sphincsPlus_sha2_256f_robust] = SphincsPlusParameters.sha2_256f; + oidToParams[sphincsPlus_sha2_256s_robust] = SphincsPlusParameters.sha2_256s; + + oidToParams[sphincsPlus_sha2_128f_simple] = SphincsPlusParameters.sha2_128f_simple; + oidToParams[sphincsPlus_sha2_128s_simple] = SphincsPlusParameters.sha2_128s_simple; + oidToParams[sphincsPlus_sha2_192f_simple] = SphincsPlusParameters.sha2_192f_simple; + oidToParams[sphincsPlus_sha2_192s_simple] = SphincsPlusParameters.sha2_192s_simple; + oidToParams[sphincsPlus_sha2_256f_simple] = SphincsPlusParameters.sha2_256f_simple; + oidToParams[sphincsPlus_sha2_256s_simple] = SphincsPlusParameters.sha2_256s_simple; + + oidToParams[sphincsPlus_shake_128f_robust] = SphincsPlusParameters.shake_128f; + oidToParams[sphincsPlus_shake_128s_robust] = 
SphincsPlusParameters.shake_128s; + oidToParams[sphincsPlus_shake_192f_robust] = SphincsPlusParameters.shake_192f; + oidToParams[sphincsPlus_shake_192s_robust] = SphincsPlusParameters.shake_192s; + oidToParams[sphincsPlus_shake_256f_robust] = SphincsPlusParameters.shake_256f; + oidToParams[sphincsPlus_shake_256s_robust] = SphincsPlusParameters.shake_256s; + + oidToParams[sphincsPlus_shake_128f_simple] = SphincsPlusParameters.shake_128f_simple; + oidToParams[sphincsPlus_shake_128s_simple] = SphincsPlusParameters.shake_128s_simple; + oidToParams[sphincsPlus_shake_192f_simple] = SphincsPlusParameters.shake_192f_simple; + oidToParams[sphincsPlus_shake_192s_simple] = SphincsPlusParameters.shake_192s_simple; + oidToParams[sphincsPlus_shake_256f_simple] = SphincsPlusParameters.shake_256f_simple; + oidToParams[sphincsPlus_shake_256s_simple] = SphincsPlusParameters.shake_256s_simple; + + oidToParams[sphincsPlus_haraka_128f_simple] = SphincsPlusParameters.haraka_128f_simple; + oidToParams[sphincsPlus_haraka_128f_robust] = SphincsPlusParameters.haraka_128f; + oidToParams[sphincsPlus_haraka_192f_simple] = SphincsPlusParameters.haraka_192f_simple; + oidToParams[sphincsPlus_haraka_192f_robust] = SphincsPlusParameters.haraka_192f; + oidToParams[sphincsPlus_haraka_256f_simple] = SphincsPlusParameters.haraka_256f_simple; + oidToParams[sphincsPlus_haraka_256f_robust] = SphincsPlusParameters.haraka_256f; + + oidToParams[sphincsPlus_haraka_128s_simple] = SphincsPlusParameters.haraka_128s_simple; + oidToParams[sphincsPlus_haraka_128s_robust] = SphincsPlusParameters.haraka_128s; + oidToParams[sphincsPlus_haraka_192s_simple] = SphincsPlusParameters.haraka_192s_simple; + oidToParams[sphincsPlus_haraka_192s_robust] = SphincsPlusParameters.haraka_192s; + oidToParams[sphincsPlus_haraka_256s_simple] = SphincsPlusParameters.haraka_256s_simple; + oidToParams[sphincsPlus_haraka_256s_robust] = SphincsPlusParameters.haraka_256s; + + + paramsToOid[SphincsPlusParameters.sha2_128f] = 
sphincsPlus_sha2_128f_robust; + paramsToOid[SphincsPlusParameters.sha2_128s] = sphincsPlus_sha2_128s_robust; + paramsToOid[SphincsPlusParameters.sha2_192f] = sphincsPlus_sha2_192f_robust; + paramsToOid[SphincsPlusParameters.sha2_192s] = sphincsPlus_sha2_192s_robust; + paramsToOid[SphincsPlusParameters.sha2_256f] = sphincsPlus_sha2_256f_robust; + paramsToOid[SphincsPlusParameters.sha2_256s] = sphincsPlus_sha2_256s_robust; + + paramsToOid[SphincsPlusParameters.sha2_128f_simple] = sphincsPlus_sha2_128f_simple; + paramsToOid[SphincsPlusParameters.sha2_128s_simple] = sphincsPlus_sha2_128s_simple; + paramsToOid[SphincsPlusParameters.sha2_192f_simple] = sphincsPlus_sha2_192f_simple; + paramsToOid[SphincsPlusParameters.sha2_192s_simple] = sphincsPlus_sha2_192s_simple; + paramsToOid[SphincsPlusParameters.sha2_256f_simple] = sphincsPlus_sha2_256f_simple; + paramsToOid[SphincsPlusParameters.sha2_256s_simple] = sphincsPlus_sha2_256s_simple; + + paramsToOid[SphincsPlusParameters.shake_128f] = sphincsPlus_shake_128f_robust; + paramsToOid[SphincsPlusParameters.shake_128s] = sphincsPlus_shake_128s_robust; + paramsToOid[SphincsPlusParameters.shake_192f] = sphincsPlus_shake_192f_robust; + paramsToOid[SphincsPlusParameters.shake_192s] = sphincsPlus_shake_192s_robust; + paramsToOid[SphincsPlusParameters.shake_256f] = sphincsPlus_shake_256f_robust; + paramsToOid[SphincsPlusParameters.shake_256s] = sphincsPlus_shake_256s_robust; + + paramsToOid[SphincsPlusParameters.shake_128f_simple] = sphincsPlus_shake_128f_simple; + paramsToOid[SphincsPlusParameters.shake_128s_simple] = sphincsPlus_shake_128s_simple; + paramsToOid[SphincsPlusParameters.shake_192f_simple] = sphincsPlus_shake_192f_simple; + paramsToOid[SphincsPlusParameters.shake_192s_simple] = sphincsPlus_shake_192s_simple; + paramsToOid[SphincsPlusParameters.shake_256f_simple] = sphincsPlus_shake_256f_simple; + paramsToOid[SphincsPlusParameters.shake_256s_simple] = sphincsPlus_shake_256s_simple; + + 
paramsToOid[SphincsPlusParameters.haraka_128f_simple] = sphincsPlus_haraka_128f_simple; + paramsToOid[SphincsPlusParameters.haraka_192f_simple] = sphincsPlus_haraka_192f_simple; + paramsToOid[SphincsPlusParameters.haraka_256f_simple] = sphincsPlus_haraka_256f_simple; + paramsToOid[SphincsPlusParameters.haraka_128s_simple] = sphincsPlus_haraka_128s_simple; + paramsToOid[SphincsPlusParameters.haraka_192s_simple] = sphincsPlus_haraka_192s_simple; + paramsToOid[SphincsPlusParameters.haraka_256s_simple] = sphincsPlus_haraka_256s_simple; + paramsToOid[SphincsPlusParameters.haraka_128f] = sphincsPlus_haraka_128f_robust; + paramsToOid[SphincsPlusParameters.haraka_192f] = sphincsPlus_haraka_192f_robust; + paramsToOid[SphincsPlusParameters.haraka_256f] = sphincsPlus_haraka_256f_robust; + paramsToOid[SphincsPlusParameters.haraka_128s] = sphincsPlus_haraka_128s_robust; + paramsToOid[SphincsPlusParameters.haraka_192s] = sphincsPlus_haraka_192s_robust; + paramsToOid[SphincsPlusParameters.haraka_256s] = sphincsPlus_haraka_256s_robust; } - private string name; - private ISPHINCSPlusEngineProvider engineProvider; + private readonly string m_name; + private readonly ISphincsPlusEngineProvider m_engineProvider; - private SPHINCSPlusParameters(string name, ISPHINCSPlusEngineProvider engineProvider) + private SphincsPlusParameters(string name, ISphincsPlusEngineProvider engineProvider) { - this.name = name; - this.engineProvider = engineProvider; + m_name = name; + m_engineProvider = engineProvider; } - public string Name => name; + public string Name => m_name; - internal int N => engineProvider.N; + internal int N => m_engineProvider.N; - internal SPHINCSPlusEngine GetEngine() + internal SphincsPlusEngine GetEngine() { - return engineProvider.Get(); + return m_engineProvider.Get(); } /** 
@@ -268,7 +265,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus * @param id the oid of interest. * @return the parameter set. */ - public static SPHINCSPlusParameters GetParams(uint id) + public static SphincsPlusParameters GetParams(uint id) { return oidToParams[id]; } @@ -279,7 +276,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus * @param params the parameters of interest. * @return the OID for the parameter set. */ - public static uint GetID(SPHINCSPlusParameters parameters) + public static uint GetID(SphincsPlusParameters parameters) { return paramsToOid[parameters]; } @@ -290,8 +287,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } } - internal class Sha2EngineProvider - : ISPHINCSPlusEngineProvider + internal sealed class Sha2EngineProvider + : ISphincsPlusEngineProvider { private readonly bool robust; private readonly int n; @@ -314,14 +311,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus public int N => this.n; - public SPHINCSPlusEngine Get() + public SphincsPlusEngine Get() { - return new SPHINCSPlusEngine.Sha2Engine(robust, n, w, d, a, k, h); + return new SphincsPlusEngine.Sha2Engine(robust, n, w, d, a, k, h); } } - internal class Shake256EngineProvider - : ISPHINCSPlusEngineProvider + internal sealed class Shake256EngineProvider + : ISphincsPlusEngineProvider { private readonly bool robust; private readonly int n; @@ -344,14 +341,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus public int N => this.n; - public SPHINCSPlusEngine Get() + public SphincsPlusEngine Get() { - return new SPHINCSPlusEngine.Shake256Engine(robust, n, w, d, a, k, h); + return new SphincsPlusEngine.Shake256Engine(robust, n, w, d, a, k, h); } } - internal class Haraka256EngineProvider - : ISPHINCSPlusEngineProvider + internal sealed class Haraka256EngineProvider + : ISphincsPlusEngineProvider { private readonly bool robust; private readonly int n; 
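Review bot: `GetParams(uint id)` returns `oidToParams[id]`, so an unrecognised id — presumably the OID prefix read from an encoded key, given the `GetID(Parameters)` prefix written in the key classes — fails with a `KeyNotFoundException` that says nothing about what was wrong; the commit changes only the signature line and leaves this behaviour. A `TryGetValue` form gives a proper argument error: `if (!oidToParams.TryGetValue(id, out var parameters)) throw new ArgumentException("unknown parameter set ID", nameof(id)); return parameters;`. `GetID(SphincsPlusParameters parameters)` in the next hunk has the same shape and would benefit from the same treatment.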
@@ -374,9 +371,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus public int N => this.n; - public SPHINCSPlusEngine Get() + public SphincsPlusEngine Get() { - return new SPHINCSPlusEngine.HarakaSEngine(robust, n, w, d, a, k, h); + return new SphincsPlusEngine.HarakaSEngine(robust, n, w, d, a, k, h); } } } diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs index 42c20f25d..ed5195da2 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs @@ -1,17 +1,17 @@ - using System; + using Org.BouncyCastle.Crypto.Utilities; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - public class SPHINCSPlusPrivateKeyParameters - : SPHINCSPlusKeyParameters + public sealed class SphincsPlusPrivateKeyParameters + : SphincsPlusKeyParameters { - internal SK sk; - internal PK pk; + internal readonly SK m_sk; + internal readonly PK m_pk; - public SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters parameters, byte[] skpkEncoded) + public SphincsPlusPrivateKeyParameters(SphincsPlusParameters parameters, byte[] skpkEncoded) : base(true, parameters) { int n = parameters.N; 
@@ -20,47 +20,47 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus throw new ArgumentException("private key encoding does not match parameters"); } - this.sk = new SK(Arrays.CopyOfRange(skpkEncoded, 0, n), Arrays.CopyOfRange(skpkEncoded, n, 2 * n)); - this.pk = new PK(Arrays.CopyOfRange(skpkEncoded, 2 * n, 3 * n), - Arrays.CopyOfRange(skpkEncoded, 3 * n, 4 * n)); + m_sk = new SK(Arrays.CopyOfRange(skpkEncoded, 0, n), Arrays.CopyOfRange(skpkEncoded, n, 2 * n)); + m_pk = new PK(Arrays.CopyOfRange(skpkEncoded, 2 * n, 3 * n), Arrays.CopyOfRange(skpkEncoded, 3 * n, 4 * n)); } - internal SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters parameters, SK sk, PK pk) + internal SphincsPlusPrivateKeyParameters(SphincsPlusParameters parameters, SK sk, PK pk) : base(true, parameters) { - this.sk = sk; - this.pk = pk; + m_sk = sk; + m_pk = pk; } public byte[] GetSeed() { - return Arrays.Clone(sk.seed); + return Arrays.Clone(m_sk.seed); } public byte[] GetPrf() { - return Arrays.Clone(sk.prf); + return Arrays.Clone(m_sk.prf); } public byte[] GetPublicSeed() { - return Arrays.Clone(pk.seed); + return Arrays.Clone(m_pk.seed); } public byte[] GetPublicKey() { - return Arrays.Concatenate(pk.seed, pk.root); + return Arrays.Concatenate(m_pk.seed, m_pk.root); } public byte[] GetEncoded() { - return Arrays.Concatenate(Pack.UInt32_To_BE(SPHINCSPlusParameters.GetID(GetParameters())), - Arrays.ConcatenateAll(sk.seed, sk.prf, pk.seed, pk.root)); + var id = Pack.UInt32_To_BE(SphincsPlusParameters.GetID(Parameters)); + return Arrays.ConcatenateAll(id, m_sk.seed, m_sk.prf, m_pk.seed, m_pk.root); } public byte[] GetEncodedPublicKey() { - return Arrays.ConcatenateAll(Pack.UInt32_To_BE(SPHINCSPlusParameters.GetID(GetParameters())), pk.seed, pk.root); + var id = Pack.UInt32_To_BE(SphincsPlusParameters.GetID(Parameters)); + return Arrays.ConcatenateAll(id, m_pk.seed, m_pk.root); } } -} \ No newline at end of file +} 
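Review bot: The private-key length check at the top of this hunk still throws `new ArgumentException("private key encoding does not match parameters")` without a parameter name, while the matching check in the public-key constructor is changed in this commit to pass `nameof(pkEncoded)`; for consistency the line here should become `throw new ArgumentException("private key encoding does not match parameters", nameof(skpkEncoded));`. The `if` condition itself sits just outside the hunk, so only the throw line is visible. The two `GetEncoded` methods now build the OID prefix with an identical `var id = Pack.UInt32_To_BE(...)` line; a small private helper on the base class would remove the duplication across the public- and private-key classes.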
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs index 429234ee7..96e9324cc 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs 
@@ -1,45 +1,45 @@ using System; + using Org.BouncyCastle.Crypto.Utilities; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - public class SPHINCSPlusPublicKeyParameters - : SPHINCSPlusKeyParameters + public sealed class SphincsPlusPublicKeyParameters + : SphincsPlusKeyParameters { - private PK pk; + private readonly PK m_pk; - public SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters parameters, byte[] pkEncoded) + public SphincsPlusPublicKeyParameters(SphincsPlusParameters parameters, byte[] pkEncoded) : base(false, parameters) { int n = parameters.N; if (pkEncoded.Length != 2 * n) - { - throw new ArgumentException("public key encoding does not match parameters"); - } + throw new ArgumentException("public key encoding does not match parameters", nameof(pkEncoded)); - this.pk = new PK(Arrays.CopyOfRange(pkEncoded, 0, n), Arrays.CopyOfRange(pkEncoded, n, 2 * n)); + m_pk = new PK(Arrays.CopyOfRange(pkEncoded, 0, n), Arrays.CopyOfRange(pkEncoded, n, 2 * n)); } - internal SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters parameters, PK pk) + internal SphincsPlusPublicKeyParameters(SphincsPlusParameters parameters, PK pk) : base(false, parameters) { - this.pk = pk; + m_pk = pk; } public byte[] GetSeed() { - return Arrays.Clone(pk.seed); + return Arrays.Clone(m_pk.seed); } public byte[] GetRoot() { - return Arrays.Clone(pk.root); + return Arrays.Clone(m_pk.root); } public byte[] GetEncoded() { - return Arrays.ConcatenateAll(Pack.UInt32_To_BE(SPHINCSPlusParameters.GetID(GetParameters())), pk.seed, pk.root); + var id = Pack.UInt32_To_BE(SphincsPlusParameters.GetID(Parameters)); + return Arrays.ConcatenateAll(id, m_pk.seed, m_pk.root); } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs index c6664f889..5c576eb15 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs 
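Review bot: The public constructor reads `pkEncoded.Length` before any null check, so a null `pkEncoded` surfaces as a `NullReferenceException` rather than the `ArgumentException` family the commit is otherwise moving towards (it adds `nameof(pkEncoded)` to the length check in this hunk). A guard line ahead of the length test, `if (pkEncoded == null) throw new ArgumentNullException(nameof(pkEncoded));`, makes the contract explicit. The private-key constructor in the previous file has the same gap with `skpkEncoded`, though its check line is outside that hunk.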
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs @@ -7,7 +7,6 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - /** * SPHINCS+ signer. * <p> @@ -18,18 +17,18 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus * for further details. * </p> */ - public class SPHINCSPlusSigner + public sealed class SphincsPlusSigner : IMessageSigner { - private SPHINCSPlusPrivateKeyParameters privKey; - private SPHINCSPlusPublicKeyParameters pubKey; + private SphincsPlusPrivateKeyParameters m_privKey; + private SphincsPlusPublicKeyParameters m_pubKey; - private SecureRandom random; + private SecureRandom m_random; /** * Base constructor. */ - public SPHINCSPlusSigner() + public SphincsPlusSigner() { } @@ -37,19 +36,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { if (forSigning) { - if (param is ParametersWithRandom) + if (param is ParametersWithRandom parametersWithRandom) { - privKey = ((SPHINCSPlusPrivateKeyParameters)((ParametersWithRandom)param).Parameters); - this.random = ((ParametersWithRandom)param).Random; + m_privKey = (SphincsPlusPrivateKeyParameters)parametersWithRandom.Parameters; + m_random = parametersWithRandom.Random; } else { - privKey = (SPHINCSPlusPrivateKeyParameters)param; + m_privKey = (SphincsPlusPrivateKeyParameters)param; } } else { - pubKey = (SPHINCSPlusPublicKeyParameters)param; + m_pubKey = (SphincsPlusPublicKeyParameters)param; } } 
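Review bot: In the `Init` hunk, the `else` branch that receives a bare `SphincsPlusPrivateKeyParameters` assigns `m_privKey` but leaves `m_random` as it was, so after an earlier `Init(true, new ParametersWithRandom(...))` the signer keeps the old `SecureRandom`; since `Sign` chooses between randomised and deterministic signing with `if (m_random != null)`, whether a signature is randomised then depends on the call history rather than on the parameters just supplied. Adding `m_random = null;` to that branch (and clearing `m_privKey`/`m_random` in the verify branch) keeps each `Init` self-contained. The direct casts `(SphincsPlusPrivateKeyParameters)param` and `(SphincsPlusPublicKeyParameters)param` also report a wrong parameter type as `InvalidCastException`; an `is`-pattern with an `ArgumentException` naming `param` would read more clearly.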
@@ -59,45 +58,45 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus // # Output: SPHINCS+ signature SIG // init - SPHINCSPlusEngine engine = privKey.GetParameters().GetEngine(); - engine.Init(privKey.GetPublicSeed()); + SphincsPlusEngine engine = m_privKey.Parameters.GetEngine(); + engine.Init(m_privKey.GetPublicSeed()); // generate randomizer byte[] optRand = new byte[engine.N]; - if (random != null) + if (m_random != null) { - random.NextBytes(optRand); + m_random.NextBytes(optRand); } else { - Array.Copy(privKey.pk.seed, 0, optRand, 0, optRand.Length); + Array.Copy(m_privKey.m_pk.seed, 0, optRand, 0, optRand.Length); } Fors fors = new Fors(engine); - byte[] R = engine.PRF_msg(privKey.sk.prf, optRand, message); + byte[] R = engine.PRF_msg(m_privKey.m_sk.prf, optRand, message); // compute message digest and index - IndexedDigest idxDigest = engine.H_msg(R, privKey.pk.seed, privKey.pk.root, message); + IndexedDigest idxDigest = engine.H_msg(R, m_privKey.m_pk.seed, m_privKey.m_pk.root, message); byte[] mHash = idxDigest.digest; ulong idx_tree = idxDigest.idx_tree; uint idx_leaf = idxDigest.idx_leaf; // FORS sign Adrs adrs = new Adrs(); - adrs.SetType(Adrs.FORS_TREE); + adrs.SetAdrsType(Adrs.FORS_TREE); adrs.SetTreeAddress(idx_tree); adrs.SetKeyPairAddress(idx_leaf); - SIG_FORS[] sig_fors = fors.Sign(mHash, privKey.sk.seed, privKey.pk.seed, adrs); + SIG_FORS[] sig_fors = fors.Sign(mHash, m_privKey.m_sk.seed, m_privKey.m_pk.seed, adrs); // get FORS public key - spec shows M? 
adrs = new Adrs(); - adrs.SetType(Adrs.FORS_TREE); + adrs.SetAdrsType(Adrs.FORS_TREE); adrs.SetTreeAddress(idx_tree); adrs.SetKeyPairAddress(idx_leaf); - byte[] PK_FORS = fors.PKFromSig(sig_fors, mHash, privKey.pk.seed, adrs); + byte[] PK_FORS = fors.PKFromSig(sig_fors, mHash, m_privKey.m_pk.seed, adrs); // sign FORS public key with HT Adrs treeAdrs = new Adrs(); - treeAdrs.SetType(Adrs.TREE); + treeAdrs.SetAdrsType(Adrs.TREE); - HT ht = new HT(engine, privKey.GetSeed(), privKey.GetPublicSeed()); + HT ht = new HT(engine, m_privKey.GetSeed(), m_privKey.GetPublicSeed()); byte[] SIG_HT = ht.Sign(PK_FORS, idx_tree, idx_leaf); byte[][] sigComponents = new byte[sig_fors.Length + 2][]; sigComponents[0] = R; @@ -118,8 +117,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus //# Output: bool // init - SPHINCSPlusEngine engine = pubKey.GetParameters().GetEngine(); - engine.Init(pubKey.GetSeed()); + SphincsPlusEngine engine = m_pubKey.Parameters.GetEngine(); + engine.Init(m_pubKey.GetSeed()); Adrs adrs = new Adrs(); SIG sig = new SIG(engine.N, engine.K, engine.A, engine.D, engine.H_PRIME, engine.WOTS_LEN, signature); 
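Review bot: The context line `// get FORS public key - spec shows M?` is an unresolved question left in the code rather than a statement of what the code does, and this pass was the moment to settle it. Replace it with a declarative comment such as `// recompute the FORS public key from sig_fors and the message digest (mHash), as the verifier will` and, if the divergence from the specification's wording is deliberate, say so in that comment. The surrounding `GenerateSignature` body continues outside the hunk.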
@@ -129,24 +128,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus SIG_XMSS[] SIG_HT = sig.SIG_HT; // compute message digest and index - IndexedDigest idxDigest = engine.H_msg(R, pubKey.GetSeed(), pubKey.GetRoot(), message); + IndexedDigest idxDigest = engine.H_msg(R, m_pubKey.GetSeed(), m_pubKey.GetRoot(), message); byte[] mHash = idxDigest.digest; ulong idx_tree = idxDigest.idx_tree; uint idx_leaf = idxDigest.idx_leaf; // compute FORS public key - adrs.SetType(Adrs.FORS_TREE); + adrs.SetAdrsType(Adrs.FORS_TREE); adrs.SetLayerAddress(0); adrs.SetTreeAddress(idx_tree); adrs.SetKeyPairAddress(idx_leaf); - byte[] PK_FORS = new Fors(engine).PKFromSig(sig_fors, mHash, pubKey.GetSeed(), adrs); + byte[] PK_FORS = new Fors(engine).PKFromSig(sig_fors, mHash, m_pubKey.GetSeed(), adrs); // verify HT signature - adrs.SetType(Adrs.TREE); + adrs.SetAdrsType(Adrs.TREE); adrs.SetLayerAddress(0); adrs.SetTreeAddress(idx_tree); adrs.SetKeyPairAddress(idx_leaf); - HT ht = new HT(engine, null, pubKey.GetSeed()); - return ht.Verify(PK_FORS, SIG_HT, pubKey.GetSeed(), idx_tree, idx_leaf, pubKey.GetRoot()); + HT ht = new HT(engine, null, m_pubKey.GetSeed()); + return ht.Verify(PK_FORS, SIG_HT, m_pubKey.GetSeed(), idx_tree, idx_leaf, m_pubKey.GetRoot()); } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs b/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs index c87cb67f4..b254530d9 100644 --- a/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs +++ b/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs @@ -1,16 +1,16 @@ - using System; + using Org.BouncyCastle.Crypto.Utilities; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { - class WotsPlus + internal class WotsPlus { - private SPHINCSPlusEngine engine; + private SphincsPlusEngine engine; private uint w; - internal WotsPlus(SPHINCSPlusEngine engine) + internal WotsPlus(SphincsPlusEngine engine) { this.engine = engine; this.w = this.engine.WOTS_W; 
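Review bot: `m_pubKey.GetSeed()` is called four times and `m_pubKey.GetRoot()` twice in this hunk, and each call clones the underlying array (`GetSeed`/`GetRoot` return `Arrays.Clone(...)` per the SphincsPlusPublicKeyParameters hunk earlier in this commit), so the verifier allocates and copies the same public seed repeatedly. Hoist them once near the top of the method, `byte[] pkSeed = m_pubKey.GetSeed(); byte[] pkRoot = m_pubKey.GetRoot();`, and pass the locals to `H_msg`, `PKFromSig`, the `HT` constructor and `Verify`. The start of `VerifySignature` is in the preceding `@@ -118,8 +117,8 @@` hunk.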
@@ -21,16 +21,18 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus Adrs wotspkAdrs = new Adrs(paramAdrs); // copy address to create OTS public key address byte[][] tmp = new byte[engine.WOTS_LEN][]; + byte[] sk = new byte[engine.N]; for (uint i = 0; i < engine.WOTS_LEN; i++) { Adrs adrs = new Adrs(paramAdrs); - adrs.SetType(Adrs.WOTS_PRF); + adrs.SetAdrsType(Adrs.WOTS_PRF); adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress()); adrs.SetChainAddress(i); adrs.SetHashAddress(0); - - byte[] sk = engine.PRF(pkSeed, skSeed, adrs); - adrs.SetType(Adrs.WOTS_HASH); + + engine.PRF(pkSeed, skSeed, adrs, sk, 0); + + adrs.SetAdrsType(Adrs.WOTS_HASH); adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress()); adrs.SetChainAddress(i); adrs.SetHashAddress(0); 
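Review bot: The hoisted `sk` buffer now holds WOTS+ secret chain starts across all `WOTS_LEN` iterations and is never cleared once the loop finishes, so the last chain's secret lingers on the heap after the public key has been computed; add `Array.Clear(sk, 0, sk.Length);` after the loop, and the same after the loop in `Sign` (the `@@ -85,22 +86,24 @@` hunk), where the buffer is reused identically. Reusing one buffer is also only safe because `Chain` never returns its input array (it clones when `s == 0`); that dependency deserves a comment at the declaration, `// reused per chain; Chain always returns a fresh array, so tmp[i] never aliases sk`. The `PKGen` signature is above the hunk.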
@@ -38,45 +40,44 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus tmp[i] = Chain(sk, 0, w - 1, pkSeed, adrs); } - wotspkAdrs.SetType(Adrs.WOTS_PK); + wotspkAdrs.SetAdrsType(Adrs.WOTS_PK); wotspkAdrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress()); return engine.T_l(pkSeed, wotspkAdrs, Arrays.ConcatenateAll(tmp)); } - // #Input: Input string X, start index i, number of steps s, public seed PK.seed, - // address Adrs - // #Output: value of F iterated s times on X - byte[] Chain(byte[] X, uint i, uint s, byte[] pkSeed, Adrs adrs) + // #Input: Input string X, start index i, number of steps s, public seed PK.seed, address Adrs + // #Output: value of F iterated s times on X + internal byte[] Chain(byte[] X, uint i, uint s, byte[] pkSeed, Adrs adrs) { if (s == 0) - { return Arrays.Clone(X); - } if ((i + s) > (this.w - 1)) - { return null; - } - byte[] tmp = Chain(X, i, s - 1, pkSeed, adrs); - adrs.SetHashAddress(i + s - 1); - tmp = engine.F(pkSeed, adrs, tmp); - - return tmp; + byte[] result = X; + for (uint j = 0; j < s; ++j) + { + adrs.SetHashAddress(i + j); + result = engine.F(pkSeed, adrs, result); + } + return result; } - // // #Input: Message M, secret seed SK.seed, public seed PK.seed, address Adrs // #Output: WOTS+ signature sig - public byte[] Sign(byte[] M, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs) + internal byte[] Sign(byte[] M, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs) { Adrs adrs = new Adrs(paramAdrs); - uint csum = 0; + uint[] msg = new uint[engine.WOTS_LEN]; + // convert message to base w - uint[] msg = BaseW(M, w, engine.WOTS_LEN1); + BaseW(M, 0, w, msg, 0, engine.WOTS_LEN1); + // compute checksum + uint csum = 0; for (int i = 0; i < engine.WOTS_LEN1; i++) { csum += w - 1 - msg[i]; 
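Review bot: The `if (s == 0) return Arrays.Clone(X);` early return in the rewritten `Chain` is load-bearing, not a shortcut: without it the new loop would return `X` itself, and since `PKGen` and `Sign` now pass a single reused `sk` buffer, the returned component would be overwritten on the next iteration; mark it `// must clone: callers reuse X and rely on never receiving their own buffer back`. The `return null` on `(i + s) > (this.w - 1)` is unreachable from the three callers in this file (they always pass `i + s <= w - 1`) but if ever hit would surface as a NullReferenceException inside `Arrays.ConcatenateAll`/`T_l`; `throw new ArgumentOutOfRangeException(nameof(s));` gives a diagnosable failure at the point of misuse. The iterative form is equivalent to the removed recursion (hash addresses `i` through `i + s - 1` in order).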
@@ -85,22 +86,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus // convert csum to base w if ((engine.WOTS_LOGW % 8) != 0) { - csum = csum << (8 - ((engine.WOTS_LEN2 * engine.WOTS_LOGW) % 8)); + csum <<= 8 - (engine.WOTS_LEN2 * engine.WOTS_LOGW % 8); } - int len_2_bytes = (engine.WOTS_LEN2 * engine.WOTS_LOGW + 7) / 8; - byte[] bytes = Pack.UInt32_To_BE(csum); - msg = Arrays.Concatenate(msg, - BaseW(Arrays.CopyOfRange(bytes, 4 -len_2_bytes, bytes.Length), w, engine.WOTS_LEN2)); + byte[] csum_bytes = Pack.UInt32_To_BE(csum); + BaseW(csum_bytes, 4 - len_2_bytes, w, msg, engine.WOTS_LEN1, engine.WOTS_LEN2); + byte[][] sig = new byte[engine.WOTS_LEN][]; + byte[] sk = new byte[engine.N]; for (uint i = 0; i < engine.WOTS_LEN; i++) { - adrs.SetType(Adrs.WOTS_PRF); + adrs.SetAdrsType(Adrs.WOTS_PRF); adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress()); adrs.SetChainAddress(i); adrs.SetHashAddress(0); - byte[] sk = engine.PRF(pkSeed, skSeed, adrs); - adrs.SetType(Adrs.WOTS_HASH); + + engine.PRF(pkSeed, skSeed, adrs, sk, 0); + + adrs.SetAdrsType(Adrs.WOTS_HASH); adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress()); adrs.SetChainAddress(i); adrs.SetHashAddress(0); 
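Review bot: The checksum shift is guarded by `if ((engine.WOTS_LOGW % 8) != 0)` here in `Sign` but applied unconditionally in `PKFromSig` (the `@@ -113,50 +116,46 @@` hunk), so signing and verification disagree whenever `WOTS_LOGW` is a multiple of 8; for the standard parameter sets (w = 16, LEN2 = 3) both reduce to a shift of 4, so this is latent rather than observed, but two copies of the same conversion are exactly where such drift starts. As rendered here the `int len_2_bytes` declaration is removed while the new `BaseW(csum_bytes, 4 - len_2_bytes, ...)` line still uses it; if that is not an artefact of the collapsed rendering, `Sign` does not compile. I would move the digest-to-base-w plus checksum conversion into one private helper used by both methods, keeping `Sign`'s guard so behaviour there is unchanged; separately, when `WOTS_LEN2 * WOTS_LOGW` is itself a multiple of 8 the expression shifts by a full 8 before the low `len_2_bytes` bytes are taken, which is worth confirming against the specification.
```csharp
// Shared by Sign and PKFromSig: message digits followed by checksum digits, all base w.
private void MsgToBaseW(byte[] M, uint[] msg)
{
    BaseW(M, 0, w, msg, 0, engine.WOTS_LEN1);

    uint csum = 0;
    for (int i = 0; i < engine.WOTS_LEN1; i++)
    {
        csum += w - 1 - msg[i];
    }

    // left-align the checksum bits; guard kept as in Sign so its behaviour is unchanged
    if ((engine.WOTS_LOGW % 8) != 0)
    {
        csum <<= 8 - (engine.WOTS_LEN2 * engine.WOTS_LOGW % 8);
    }

    int len_2_bytes = (engine.WOTS_LEN2 * engine.WOTS_LOGW + 7) / 8;
    byte[] csum_bytes = Pack.UInt32_To_BE(csum);
    BaseW(csum_bytes, 4 - len_2_bytes, w, msg, engine.WOTS_LEN1, engine.WOTS_LEN2);
}
// … unchanged: Sign and PKFromSig, each now calling MsgToBaseW(M, msg) in place of the inlined conversion …
```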
@@ -113,50 +116,46 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus // // Input: len_X-byte string X, int w, output length out_len - // Output: out_len int array basew - uint[] BaseW(byte[] X, uint w, int out_len) + // Output: outLen int array basew + internal void BaseW(byte[] X, int XOff, uint w, uint[] output, int outOff, int outLen) { - int input = 0; - int outputIndex = 0; int total = 0; int bits = 0; - uint[] output = new uint[out_len]; - for (int consumed = 0; consumed < out_len; consumed++) + for (int consumed = 0; consumed < outLen; consumed++) { if (bits == 0) { - total = X[input]; - input++; + total = X[XOff++]; bits += 8; } bits -= engine.WOTS_LOGW; - output[outputIndex] = (uint) ((total >> bits) & (w - 1)); - outputIndex++; + output[outOff++] = (uint)((total >> bits) & (w - 1)); } - - return output; } - public byte[] PKFromSig(byte[] sig, byte[] M, byte[] pkSeed, Adrs adrs) + internal byte[] PKFromSig(byte[] sig, byte[] M, byte[] pkSeed, Adrs adrs) { - uint csum = 0; Adrs wotspkAdrs = new Adrs(adrs); + + uint[] msg = new uint[engine.WOTS_LEN]; + // convert message to base w - uint[] msg = BaseW(M, w, engine.WOTS_LEN1); + BaseW(M, 0, w, msg, 0, engine.WOTS_LEN1); + // compute checksum + uint csum = 0; for (int i = 0; i < engine.WOTS_LEN1; i++) { - csum += (uint) (w - 1 - msg[i]); + csum += w - 1 - msg[i]; } // convert csum to base w - csum = csum << (8 - ((engine.WOTS_LEN2 * engine.WOTS_LOGW) % 8)); + csum <<= 8 - (engine.WOTS_LEN2 * engine.WOTS_LOGW % 8); int len_2_bytes = (engine.WOTS_LEN2 * engine.WOTS_LOGW + 7) / 8; - - msg = Arrays.Concatenate(msg, - BaseW(Arrays.CopyOfRange(Pack.UInt32_To_BE(csum), 4 - len_2_bytes, 4), w, engine.WOTS_LEN2)); + byte[] csum_bytes = Pack.UInt32_To_BE(csum); + BaseW(csum_bytes, 4 - len_2_bytes, w, msg, engine.WOTS_LEN1, engine.WOTS_LEN2); byte[] sigI = new byte[engine.N]; byte[][] tmp = new byte[engine.WOTS_LEN][]; 
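Review bot: The header comment on `BaseW` was only half-updated: `// Output: outLen int array basew` still describes the old allocating version, while the method now writes into a caller-supplied `output` starting at `outOff` and reads `X` from `XOff`. Replace the two comment lines with `// Input: X (read from XOff), w, destination array output and offset outOff, number of digits outLen` and `// Output: writes outLen base-w digits into output[outOff..outOff + outLen); X must hold enough bytes from XOff`. The `(w - 1)` mask presumably relies on `w` being a power of two and `WOTS_LOGW` dividing 8, which the parameter sets appear to guarantee but the method does not state.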
@@ -165,12 +164,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus adrs.SetChainAddress(i); Array.Copy(sig, i * engine.N, sigI, 0, engine.N); tmp[i] = Chain(sigI, msg[i], w - 1 - msg[i], pkSeed, adrs); - } // f6be78d057cc8056907ad2bf83cc8be7 + } - wotspkAdrs.SetType(Adrs.WOTS_PK); + wotspkAdrs.SetAdrsType(Adrs.WOTS_PK); wotspkAdrs.SetKeyPairAddress(adrs.GetKeyPairAddress()); return engine.T_l(pkSeed, wotspkAdrs, Arrays.ConcatenateAll(tmp)); } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/utils/PqcUtilities.cs b/crypto/src/pqc/crypto/utils/PqcUtilities.cs index 2820b3cfd..26ced321a 100644 --- a/crypto/src/pqc/crypto/utils/PqcUtilities.cs +++ b/crypto/src/pqc/crypto/utils/PqcUtilities.cs @@ -207,9 +207,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities return dilithiumOids[parameters]; } - internal static DerObjectIdentifier SphincsPlusOidLookup(SPHINCSPlusParameters parameters) + internal static DerObjectIdentifier SphincsPlusOidLookup(SphincsPlusParameters parameters) { - uint pId = SPHINCSPlusParameters.GetID(parameters); + uint pId = SphincsPlusParameters.GetID(parameters); if ((pId & 0x020000) == 0x020000) { diff --git a/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs b/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs index db424faac..63ae37e48 100644 --- a/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs +++ b/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs 
@@ -83,9 +83,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities if (algOID.On(BCObjectIdentifiers.sphincsPlus)) { byte[] keyEnc = Asn1OctetString.GetInstance(keyInfo.ParsePrivateKey()).GetOctets(); - SPHINCSPlusParameters spParams = SPHINCSPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue); + SphincsPlusParameters spParams = SphincsPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue); - return new SPHINCSPlusPrivateKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length)); + return new SphincsPlusPrivateKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length)); } if (algOID.On(BCObjectIdentifiers.pqc_kem_saber)) { diff --git a/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs b/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs index 2768ad6f1..010d9f0e3 100644 --- a/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs +++ b/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs 
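Review bot: The new line reads the parameter id with `Pack.BE_To_UInt32(keyEnc, 0)` from an externally supplied key encoding without first checking `keyEnc.Length >= 4`, so a truncated encoding fails with an IndexOutOfRangeException from deep inside `Pack` rather than the decoding error the rest of this factory reports; the same applies to `SphincsPlusConverter` in the PublicKeyFactory `@@ -143,26 +143,26 @@` hunk. The `(uint)BigInteger.ValueOf(...).IntValue` round-trip is an identity on a `uint` and only obscures the read: `SphincsPlusParameters spParams = SphincsPlusParameters.GetParams(Pack.BE_To_UInt32(keyEnc, 0));`. What `GetParams` does for an id it does not recognise is not visible here and is worth confirming, since this is the first untrusted value the parser acts on.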
@@ -61,14 +61,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgHssLmsHashsig); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes, pubEncoding); } - if (privateKey is SPHINCSPlusPrivateKeyParameters) + if (privateKey is SphincsPlusPrivateKeyParameters) { - SPHINCSPlusPrivateKeyParameters parameters = (SPHINCSPlusPrivateKeyParameters)privateKey; + SphincsPlusPrivateKeyParameters parameters = (SphincsPlusPrivateKeyParameters)privateKey; byte[] encoding = parameters.GetEncoded(); byte[] pubEncoding = parameters.GetEncodedPublicKey(); - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PqcUtilities.SphincsPlusOidLookup(parameters.GetParameters())); + AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( + PqcUtilities.SphincsPlusOidLookup(parameters.Parameters)); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes, pubEncoding); } if (privateKey is CmcePrivateKeyParameters) diff --git a/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs b/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs index e2279c15c..a5aaca92c 100644 --- a/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs +++ b/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs 
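Review bot: The new code keeps the test-then-cast pair `if (privateKey is SphincsPlusPrivateKeyParameters)` followed by `(SphincsPlusPrivateKeyParameters)privateKey`, whereas the signer's `Init` in this same commit was moved to a pattern variable; for consistency write `if (privateKey is SphincsPlusPrivateKeyParameters parameters)` and drop the cast line. The SubjectPublicKeyInfoFactory `@@ -41,13 +41,14 @@` hunk has the identical pair for the public key and would take the same change.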
@@ -28,10 +28,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities static PublicKeyFactory() { - converters[BCObjectIdentifiers.sphincsPlus] = new SPHINCSPlusConverter(); - converters[BCObjectIdentifiers.sphincsPlus_shake_256] = new SPHINCSPlusConverter(); - converters[BCObjectIdentifiers.sphincsPlus_sha_256] = new SPHINCSPlusConverter(); - converters[BCObjectIdentifiers.sphincsPlus_sha_512] = new SPHINCSPlusConverter(); + converters[BCObjectIdentifiers.sphincsPlus] = new SphincsPlusConverter(); + converters[BCObjectIdentifiers.sphincsPlus_shake_256] = new SphincsPlusConverter(); + converters[BCObjectIdentifiers.sphincsPlus_sha_256] = new SphincsPlusConverter(); + converters[BCObjectIdentifiers.sphincsPlus_sha_512] = new SphincsPlusConverter(); converters[BCObjectIdentifiers.mceliece348864_r3] = new CmceConverter(); converters[BCObjectIdentifiers.mceliece348864f_r3] = new CmceConverter(); @@ -127,7 +127,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities /// <param name="defaultParams"> default parameters that might be needed.</param> /// <returns> the appropriate key parameter</returns> /// <exception cref="IOException"> on an error decoding the key</exception> - public static AsymmetricKeyParameter CreateKey(SubjectPublicKeyInfo keyInfo, Object defaultParams) + public static AsymmetricKeyParameter CreateKey(SubjectPublicKeyInfo keyInfo, object defaultParams) { AlgorithmIdentifier algId = keyInfo.AlgorithmID; SubjectPublicKeyInfoConverter converter = (SubjectPublicKeyInfoConverter)converters[algId.Algorithm]; 
@@ -143,26 +143,26 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities } private abstract class SubjectPublicKeyInfoConverter { - internal abstract AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams); + internal abstract AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams); } - private class SPHINCSPlusConverter + private class SphincsPlusConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets(); - SPHINCSPlusParameters spParams = SPHINCSPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue); + SphincsPlusParameters spParams = SphincsPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue); - return new SPHINCSPlusPublicKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length)); + return new SphincsPlusPublicKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length)); } } private class CmceConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { byte[] keyEnc = CmcePublicKey.GetInstance(keyInfo.ParsePublicKey()).T; 
@@ -175,7 +175,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities private class SaberConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { byte[] keyEnc = DerOctetString.GetInstance( DerSequence.GetInstance(keyInfo.ParsePublicKey())[0]).GetOctets(); @@ -189,7 +189,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities private class PicnicConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets(); @@ -201,7 +201,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities private class SikeConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets(); @@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities private class DilithiumConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { DilithiumParameters dilithiumParams = PqcUtilities.DilithiumParamsLookup(keyInfo.AlgorithmID.Algorithm); 
@@ -238,7 +238,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities private class KyberConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { KyberParameters kyberParameters = PqcUtilities.KyberParamsLookup(keyInfo.AlgorithmID.Algorithm); @@ -259,11 +259,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities } } } - + private class FalconConverter : SubjectPublicKeyInfoConverter { - internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams) + internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams) { FalconParameters falconParams = PqcUtilities.FalconParamsLookup(keyInfo.AlgorithmID.Algorithm); diff --git a/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs b/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs index eea6b8717..8aa09af06 100644 --- a/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs +++ b/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs 
@@ -41,13 +41,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities if (publicKey.IsPrivate) throw new ArgumentException("Private key passed - public key expected.", "publicKey"); - if (publicKey is SPHINCSPlusPublicKeyParameters) + if (publicKey is SphincsPlusPublicKeyParameters) { - SPHINCSPlusPublicKeyParameters parameters = (SPHINCSPlusPublicKeyParameters)publicKey; + SphincsPlusPublicKeyParameters parameters = (SphincsPlusPublicKeyParameters)publicKey; byte[] encoding = parameters.GetEncoded(); - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PqcUtilities.SphincsPlusOidLookup(parameters.GetParameters())); + AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( + PqcUtilities.SphincsPlusOidLookup(parameters.Parameters)); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerOctetString(encoding)); } if (publicKey is CmcePublicKeyParameters) diff --git a/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs b/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs index d5f909c69..39c81a700 100644 --- a/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs +++ b/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs 
@@ -104,43 +104,43 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests [Test] public void TestBasicKeyGeneration() { - SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator(); + SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator(); FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4792F267AAFA3F87CA60D01CB54F29202A3E784CCB7EBCDCFD45542B7F6AF778742E0F4479175084AA488B3B74340678AAD111491E7E52F6F1D726DAF2A4E75CAFB60D034B6E912B26BE68464B0095D60D")) }; FixedSecureRandom random = new FixedSecureRandom(source); - kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_256f)); + kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_256f)); AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair(); - SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public; - SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private; + SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public; + SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private; - Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded())); - Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded())); + Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), 
Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded())); + Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded())); SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubParams); PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privParams); - pubParams = (SPHINCSPlusPublicKeyParameters)PublicKeyFactory.CreateKey(pubInfo.GetEncoded()); - privParams = (SPHINCSPlusPrivateKeyParameters)PrivateKeyFactory.CreateKey(privInfo.GetEncoded()); + pubParams = (SphincsPlusPublicKeyParameters)PublicKeyFactory.CreateKey(pubInfo.GetEncoded()); + privParams = (SphincsPlusPrivateKeyParameters)PrivateKeyFactory.CreateKey(privInfo.GetEncoded()); - Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded())); - Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded())); + Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), 
Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded())); + Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded())); } [Test] public void TestBasicKeyImportSimpleSign() { - SPHINCSPlusPublicKeyParameters pubParams = new SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters.sha2_128f, Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")); - SPHINCSPlusPrivateKeyParameters privParams = new SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters.sha2_128f, Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")); + SphincsPlusPublicKeyParameters pubParams = new SphincsPlusPublicKeyParameters(SphincsPlusParameters.sha2_128f, Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")); + SphincsPlusPrivateKeyParameters privParams = new SphincsPlusPrivateKeyParameters(SphincsPlusParameters.sha2_128f, Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")); - Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), pubParams.GetEncoded())); - Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), privParams.GetEncoded())); + 
Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), pubParams.GetEncoded())); + Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), privParams.GetEncoded())); byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8"); - SPHINCSPlusSigner signer = new SPHINCSPlusSigner(); + SphincsPlusSigner signer = new SphincsPlusSigner(); FixedSecureRandom.Source[] source1 = {new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6"))}; 
@@ -162,22 +162,22 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests [Test] public void TestBasicSignature() { - SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator(); + SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator(); FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source (Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4711E95F8A383854BA16A5DD3E25FF71D3" + "061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1"))}; FixedSecureRandom random = new FixedSecureRandom(source); - kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.sha2_128f)); + kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.sha2_128f)); AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair(); - SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public; - SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private; + SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public; + SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private; byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8"); - SPHINCSPlusSigner signer = new SPHINCSPlusSigner(); + SphincsPlusSigner signer = new SphincsPlusSigner(); FixedSecureRandom.Source[] source1 = {new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6"))}; 
@@ -199,23 +199,23 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests [Test] public void TestDeterministicSignature() { - SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator(); + SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator(); FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4711E95F8A383854BA16A5DD3E25FF71D3" + "061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1"))}; FixedSecureRandom random = new FixedSecureRandom(source); - kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.sha2_128f)); + kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.sha2_128f)); AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair(); - SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public; - SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private; + SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public; + SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private; byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8"); - SPHINCSPlusSigner signer = new SPHINCSPlusSigner(); + SphincsPlusSigner signer = new SphincsPlusSigner(); signer.Init(true, privParams); @@ -234,7 +234,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests [Test] public void TestBasicKeyGenerationShake256128fSimple() { - SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator(); + SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator(); FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source(Hex.Decode( 
@@ -242,21 +242,21 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f_simple));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f_simple));
 AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), privParams.GetEncoded()));
 }
 [Test]
 public void TestBasicKeyGenerationShake256128fSimpleSign()
 {
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
 FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source(Hex.Decode(
 "7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4766BA69D8560A9F84846AD8B765390C84"))};
@@ -264,16 +264,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f_simple));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f_simple));
 AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
 byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
 FixedSecureRandom.Source[] source1 = { new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6")) };
@@ -295,42 +295,42 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 [Test]
 public void TestBasicKeyGenerationShake256128fRobust()
 {
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
 FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E47354D75735F16E03DEC94D1F5B00C213D")) };
 FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f));
 AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), privParams.GetEncoded()));
 }
 [Test]
 public void TestBasicKeyGenerationShake256128fRobustSign()
 {
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
 FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E47354D75735F16E03DEC94D1F5B00C213D")) };
 FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f));
 AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
 byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
 FixedSecureRandom.Source[] source1 = {new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6"))};
@@ -378,12 +378,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 byte[] sigExpected = Hex.Decode(buf["sm"]);
 byte[] oprR = Hex.Decode(buf["optrand"]);
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
 FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(sk) };
 SecureRandom random = new FixedSecureRandom(source);
- SPHINCSPlusParameters parameters;
+ SphincsPlusParameters parameters;
 string[] nameParts = SplitOn(name, '-');
 bool sha2 = nameParts[0].Equals("sha2");
@@ -442,25 +442,25 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
 throw new ArgumentException("unknown complexity");
 }
- parameters = (SPHINCSPlusParameters)typeof(SPHINCSPlusParameters).GetField(b.ToString()).GetValue(null);//todo unsure
+ parameters = (SphincsPlusParameters)typeof(SphincsPlusParameters).GetField(b.ToString()).GetValue(null);//todo unsure
 //
 // Generate keys and test.
 //
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, parameters));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, parameters));
 AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), pk), pubParams.GetEncoded()), name + " " + count + ": public key");
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), sk), privParams.GetEncoded()), name + " " + count + ": secret key");
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), pk), pubParams.GetEncoded()), name + " " + count + ": public key");
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), sk), privParams.GetEncoded()), name + " " + count + ": secret key");
 //
 // Signature test
 //
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
 FixedSecureRandom.Source[] s1 = { new FixedSecureRandom.Source(oprR) };
 signer.Init(true, new ParametersWithRandom(privParams, new FixedSecureRandom(s1))); |
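Review bot: The reflective parameter-set lookup on the renamed `parameters = (SphincsPlusParameters)typeof(SphincsPlusParameters).GetField(b.ToString()).GetValue(null);//todo unsure` line is kept as-is, and `Type.GetField(string)` returns null when no public field of that name exists, so a test-vector name that does not map to a field (or a parameter-set field that is later made non-public) fails with a NullReferenceException instead of a message naming the vector. Splitting the lookup and asserting on it gives a diagnosable failure: `var field = typeof(SphincsPlusParameters).GetField(b.ToString());` / `Assert.NotNull(field, name + ": unknown parameter set " + b);` / `parameters = (SphincsPlusParameters)field.GetValue(null);`, which also retires the `//todo unsure` marker. The enclosing test method and the construction of `b` begin before this hunk, so I am assuming `b` holds the field name derived from `name`.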