authorPeter Dettman <peter.dettman@bouncycastle.org>2023-03-01 20:31:44 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2023-03-01 20:31:44 +0700
commit4a35ec963ae85186d60546459149ea2f1694a5c5 (patch)
tree6f958d6a752d4d1477d6107e9175e648f9622d8d
parentBIKE: transpose directly (diff)
downloadBouncyCastle.NET-ed25519-4a35ec963ae85186d60546459149ea2f1694a5c5.tar.xz
BIKE: fix FunctionH over-allocation
-rw-r--r--crypto/src/pqc/crypto/bike/BikeEngine.cs22
1 files changed, 14 insertions, 8 deletions
diff --git a/crypto/src/pqc/crypto/bike/BikeEngine.cs b/crypto/src/pqc/crypto/bike/BikeEngine.cs
index e50546b75..16b5f54bc 100644
--- a/crypto/src/pqc/crypto/bike/BikeEngine.cs
+++ b/crypto/src/pqc/crypto/bike/BikeEngine.cs
@@ -37,6 +37,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
         private readonly BikeRing bikeRing;
         private readonly int L_BYTE;
         private readonly int R_BYTE;
+        private readonly int R2_BYTE;
+        //private readonly int R_UINT;
+        private readonly int R2_UINT;
 
         internal BikeEngine(int r, int w, int t, int l, int nbIter, int tau)
         {
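Review bot: The hunk leaves `//private readonly int R_UINT;` behind as commented-out code, and the constructor hunk below does the same with `//this.R_UINT = (r + 31) >> 5;`; either drop both lines or keep a live field, since disabled code drifts away from the values actually in use. The new fields would also read better with a short comment saying what they size, e.g. `// R2_BYTE / R2_UINT: bytes and 32-bit words needed to hold 2r bits (ceil(2r/8), ceil(2r/32))`, since the shift expressions in the constructor are the only place that meaning is visible. The class body and the constructor both continue outside this hunk.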
@@ -48,7 +51,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
             this.tau = tau;
             this.hw = this.w / 2;
             this.L_BYTE = l / 8;
-            this.R_BYTE = (r + 7) / 8;
+            this.R_BYTE = (r + 7) >> 3;
+            this.R2_BYTE = (2 * r + 7) >> 3;
+            //this.R_UINT = (r + 31) >> 5;
+            this.R2_UINT = (2 * r + 31) >> 5;
             this.bikeRing = new BikeRing(r);
         }
 
@@ -56,10 +62,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
 
         private byte[] FunctionH(byte[] seed)
         {
-            byte[] res = new byte[r * 2];
+            byte[] res = new byte[R2_BYTE];
             IXof digest = new ShakeDigest(256);
             digest.BlockUpdate(seed, 0, seed.Length);
-            BikeUtilities.GenerateRandomByteArray(res, (uint)r * 2, (uint)t, digest);
+            BikeUtilities.GenerateRandomByteArray(res, (uint)(2 * r), (uint)t, digest);
             return res;
         }
 
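Review bot: FunctionH carries no comment, and after this change its buffer size is the less self-explanatory `R2_BYTE` rather than `r * 2`, so a reader has to go back to the constructor to see that the allocation is a byte count while `(uint)(2 * r)` is a bit count. A header such as `// H(seed): SHAKE-256 expansion of seed into a 2r-bit vector (presumably t set bits, per the t argument) packed into R2_BYTE bytes` would make the two sizes explicit. The byte count now matches the `ePrimeBytes` allocation in the later hunk, which is what the comparison there relies on.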
@@ -237,7 +243,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
 
             // 1. Compute e'
             byte[] ePrimeBits = BGFDecoder(syndromeBits, h0Compact, h1Compact);
-            byte[] ePrimeBytes = new byte[2 * R_BYTE];
+            byte[] ePrimeBytes = new byte[R2_BYTE];
             BikeUtilities.FromBitArrayToByteArray(ePrimeBytes, ePrimeBits, 0, 2 * r);
 
             byte[] e0Bytes = new byte[R_BYTE];
@@ -252,7 +258,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
 
             // 3. Compute K
             byte[] wlist = FunctionH(mPrime);
-            if (Arrays.AreEqual(ePrimeBytes, 0, ePrimeBytes.Length, wlist, 0, ePrimeBytes.Length))
+            if (Arrays.AreEqual(ePrimeBytes, 0, R2_BYTE, wlist, 0, R2_BYTE))
             {
                 FunctionK(mPrime, c0, c1, k);
             }
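Review bot: `Arrays.AreEqual` on the changed line is an early-exit comparison, so the time taken by this e' versus H(m') check depends on the position of the first differing byte; BouncyCastle's `Arrays.FixedTimeEquals` is the comparator meant for secret-dependent data. Because the commit makes both operands exactly `R2_BYTE` long (`ePrimeBytes` in the earlier hunk, `wlist` via FunctionH), the call can simply become `if (Arrays.FixedTimeEquals(ePrimeBytes, wlist))`. The `if`/`else` that follows still branches on the result, so a constant-time selection of the FunctionK input would be needed to remove the remaining dependency; that part lies outside this hunk, and the timing behaviour itself predates the commit rather than being introduced by it.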
@@ -281,11 +287,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
             int[] h0CompactCol = GetColumnFromCompactVersion(h0Compact);
             int[] h1CompactCol = GetColumnFromCompactVersion(h1Compact);
 
-            uint[] black = new uint[(2 * r + 31) >> 5];
+            uint[] black = new uint[R2_UINT];
             byte[] ctrs = new byte[r];
 
             {
-                uint[] gray = new uint[(2 * r + 31) >> 5];
+                uint[] gray = new uint[R2_UINT];
 
                 int T = Threshold(BikeUtilities.GetHammingWeight(s), r);
 
@@ -419,7 +425,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Bike
         private void BFMaskedIter(byte[] s, byte[] e, uint[] mask, int T, int[] h0Compact, int[] h1Compact,
             int[] h0CompactCol, int[] h1CompactCol)
         {
-            uint[] updatedIndices = new uint[(2 * r + 31) >> 5];
+            uint[] updatedIndices = new uint[R2_UINT];
 
             for (int j = 0; j < r; j++)
             {