diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-10-22 22:00:16 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-10-22 22:00:16 +0700 |
| commit | 8d41d5c0608b7f65075c6c0d5afac3d15e766ad6 (patch) | |
| tree | 1a2d3dec647a88ae317f37ee72537d05b771eda7 | |
| parent | Refactoring in Pqc.Crypto.Saber (diff) | |
| download | BouncyCastle.NET-ed25519-8d41d5c0608b7f65075c6c0d5afac3d15e766ad6.tar.xz | |
Refactoring in Pqc.Crypto.Sike
25 files changed, 862 insertions, 885 deletions
diff --git a/crypto/src/pqc/crypto/sike/Fpx.cs b/crypto/src/pqc/crypto/sike/Fpx.cs index 2ba6ab2f5..9ba332753 100644 --- a/crypto/src/pqc/crypto/sike/Fpx.cs +++ b/crypto/src/pqc/crypto/sike/Fpx.cs @@ -1,4 +1,3 @@ -using System; using System.Diagnostics; #if NETSTANDARD1_0_OR_GREATER || NETCOREAPP1_0_OR_GREATER using System.Runtime.CompilerServices; @@ -8,11 +7,11 @@ using Org.BouncyCastle.Crypto.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Sike { - internal class Fpx + internal sealed class Fpx { - private SIKEEngine engine; + private readonly SikeEngine engine; - internal Fpx(SIKEEngine engine) + internal Fpx(SikeEngine engine) { this.engine = engine; } @@ -47,7 +46,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Also, vec and out CANNOT be the same variable! protected internal void mont_n_way_inv(ulong[][][] vec, uint n, ulong[][][] output) { - ulong[][] t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); int i; fp2copy(vec[0], output[0]); // output[0] = vec[0] @@ -368,7 +367,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // This uses the binary GCD for inversion in fp and is NOT constant time!!! protected internal void fp2inv_mont_bingcd(ulong[][] a) { - ulong[][] t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); fpsqr_mont(a[0], t1[0]); // t10 = a0^2 fpsqr_mont(a[1], t1[1]); // t11 = a1^2 @@ -892,7 +891,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Conversion of GF(p^2) element from Montgomery to standard representation, and encoding by removing leading 0 bytes protected internal void fp2_encode(ulong[][] x, byte[] enc, uint encOffset) { - ulong[][] t = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); from_fp2mont(x, t); encode_to_bytes(t[0], enc, encOffset,engine.param.FP2_ENCODED_BYTES / 2); @@ -1280,8 +1279,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike protected internal byte cmp_f2elm(ulong[][] x, ulong[][] y) { // Comparison of two GF(p^2) elements in constant time. // Is x != y? return -1 if condition is true, 0 otherwise. - ulong[][] a = Utils.InitArray(2, engine.param.NWORDS_FIELD), - b = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] a = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + b = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); byte r = 0; fp2copy(x, a); @@ -1661,7 +1660,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // GF(p^2) inversion using Montgomery arithmetic, a = (a0-i*a1)/(a0^2+a1^2). protected internal void fp2inv_mont(ulong[][] a) { - ulong[][] t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); fpsqr_mont(a[0], t1[0]); // t10 = a0^2 fpsqr_mont(a[1], t1[1]); // t11 = a1^2 @@ -1808,7 +1807,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike if (engine.param.NBITS_FIELD == 434) { ulong[] tt = new ulong[engine.param.NWORDS_FIELD]; - ulong[][] t = Utils.InitArray(31, engine.param.NWORDS_FIELD); + ulong[][] t = SikeUtilities.InitArray(31, engine.param.NWORDS_FIELD); // Precomputed table fpsqr_mont(a, tt); @@ -1888,7 +1887,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike if (engine.param.NBITS_FIELD == 503) { - ulong[][] t = Utils.InitArray(15, engine.param.NWORDS_FIELD); + ulong[][] t = SikeUtilities.InitArray(15, engine.param.NWORDS_FIELD); ulong[] tt = new ulong[engine.param.NWORDS_FIELD]; // Precomputed table @@ -1991,7 +1990,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike if (engine.param.NBITS_FIELD == 610) { - ulong[][] t = Utils.InitArray(31, engine.param.NWORDS_FIELD); + ulong[][] t = SikeUtilities.InitArray(31, engine.param.NWORDS_FIELD); ulong[] tt = new ulong[engine.param.NWORDS_FIELD]; // Precomputed table @@ -2096,7 +2095,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike if (engine.param.NBITS_FIELD == 751) { - ulong[][] t = Utils.InitArray(27, engine.param.NWORDS_FIELD); + ulong[][] t = SikeUtilities.InitArray(27, engine.param.NWORDS_FIELD); ulong[] tt = new ulong[engine.param.NWORDS_FIELD]; // Precomputed table diff --git a/crypto/src/pqc/crypto/sike/Internal.cs b/crypto/src/pqc/crypto/sike/Internal.cs index 06df0a202..35b1a46e8 100644 --- a/crypto/src/pqc/crypto/sike/Internal.cs +++ b/crypto/src/pqc/crypto/sike/Internal.cs @@ -1,217 +1,214 @@ using System; using System.Collections.Generic; + using Org.BouncyCastle.Crypto.Utilities; using Org.BouncyCastle.Utilities.Encoders; namespace Org.BouncyCastle.Pqc.Crypto.Sike { - internal abstract class Internal - { - protected static Dictionary<string, string> _props; + { + protected static Dictionary<string, string> _props; - protected internal static uint RADIX = 64; - protected internal static uint LOG2RADIX = 6; - - protected internal uint CRYPTO_PUBLICKEYBYTES; - protected internal int CRYPTO_CIPHERTEXTBYTES; - protected internal uint CRYPTO_BYTES; - protected internal uint CRYPTO_SECRETKEYBYTES; - - - - protected internal uint NWORDS_FIELD; // Number of words of a n-bit field element - protected internal uint PRIME_ZERO_WORDS; // Number of "0" digits in the least significant part of PRIME + 1 - protected internal uint NBITS_FIELD; - protected internal uint MAXBITS_FIELD; - protected uint MAXWORDS_FIELD; // Max. number of words to represent field elements - protected uint NWORDS64_FIELD; // Number of 64-bit words of a 434-bit field element - protected internal uint NBITS_ORDER; - protected internal uint NWORDS_ORDER; // Number of words of oA and oB, where oA and oB are the subgroup orders of Alice and Bob, resp. - protected uint NWORDS64_ORDER; // Number of 64-bit words of a x-bit element - protected internal uint MAXBITS_ORDER; - protected internal uint ALICE; - protected internal uint BOB; - protected internal uint OALICE_BITS; - protected internal uint OBOB_BITS; - protected internal uint OBOB_EXPON; - protected internal uint MASK_ALICE; - protected internal uint MASK_BOB; - protected uint PARAM_A; - protected uint PARAM_C; - - // Fixed parameters for isogeny tree computation - protected internal uint MAX_INT_POINTS_ALICE; - protected internal uint MAX_INT_POINTS_BOB; - protected internal uint MAX_Alice; - protected internal uint MAX_Bob; - protected internal uint MSG_BYTES; - protected internal uint SECRETKEY_A_BYTES; - protected internal uint SECRETKEY_B_BYTES; - protected internal uint FP2_ENCODED_BYTES; - - protected bool COMPRESS; - - // Compressed Parameters - protected internal uint MASK2_BOB; - protected internal uint MASK3_BOB; - protected internal uint ORDER_A_ENCODED_BYTES; - protected internal uint ORDER_B_ENCODED_BYTES; - protected internal uint PARTIALLY_COMPRESSED_CHUNK_CT; - protected uint COMPRESSED_CHUNK_CT; - protected uint UNCOMPRESSEDPK_BYTES; - // Table sizes used by the Entangled basis generation - protected uint TABLE_R_LEN; - protected internal uint TABLE_V_LEN; - protected uint TABLE_V3_LEN; - // Parameters for discrete log computations - // Binary Pohlig-Hellman reduced to smaller logs of order ell^W - protected internal uint W_2; - protected internal uint W_3; - // ell^w - protected internal uint ELL2_W; - protected internal uint ELL3_W; - // ell^(e mod w) - protected internal uint ELL2_EMODW; - protected internal uint ELL3_EMODW; - // # of digits in the discrete log - protected internal uint DLEN_2; // ceil(eA/W_2) - protected internal uint DLEN_3; // ceil(eB/W_3) - // Use compressed tables: FULL_SIGNED - - - // Encoding of field elements - protected internal uint PLEN_2; - protected internal uint PLEN_3; - - protected internal ulong[] PRIME; - protected internal ulong[] PRIMEx2; - protected internal ulong[] PRIMEx4; - protected internal ulong[] PRIMEp1; - protected ulong[] PRIMEx16p; - protected ulong[] PRIMEp1x64; - protected internal ulong[] Alice_order; // Order of Alice's subgroup - protected internal ulong[] Bob_order; // Order of Bob's subgroup - protected internal ulong[] A_gen; // Alice's generator values {XPA0 + XPA1*iL, XQA0 + xQA1*iL, XRA0 + XRA1*i} in GF(p^2)L, expressed in Montgomery representation - protected internal ulong[] B_gen; // Bob's generator values {XPB0L, XQB0L, XRB0 + XRB1*i} in GF(p^2)L, expressed in Montgomery representation - protected internal ulong[] Montgomery_R2; // Montgomery constant Montgomery_R2 = (2^448)^2 mod p434 - protected internal ulong[] Montgomery_one; // Value one in Montgomery representation - - // Fixed parameters for isogeny tree computation - protected internal uint[] strat_Alice; - protected internal uint[] strat_Bob; - - //Compressed Encodings - //todo: abstract this more? - protected internal ulong[] XQB3; - protected internal ulong[] A_basis_zero; - protected ulong[] B_basis_zero; - protected internal ulong[] B_gen_3_tors; - protected internal ulong[] g_R_S_im; - protected ulong[] g_phiR_phiS_re; - protected ulong[] g_phiR_phiS_im; - protected ulong[] Montgomery_R; - protected internal ulong[] Montgomery_RB1; - protected internal ulong[] Montgomery_RB2; - protected ulong[] threeinv; - protected internal uint[] ph2_path; - protected internal uint[] ph3_path; - protected ulong[] u_entang; - protected ulong[] u0_entang; - protected internal ulong[][] table_r_qr; - protected internal ulong[][] table_r_qnr; - protected internal ulong[][] table_v_qr; - protected internal ulong[][] table_v_qnr; - protected internal ulong[][][] v_3_torsion; - - protected internal ulong[] T_tate3; - protected internal ulong[] T_tate2_firststep_P; - protected internal ulong[] T_tate2_P; - protected internal ulong[] T_tate2_firststep_Q; - protected internal ulong[] T_tate2_Q; - - ///Compressed Dlogs - protected internal ulong[] ph2_T; - protected internal ulong[] ph2_T1; - protected internal ulong[] ph2_T2; - protected internal ulong[] ph3_T; - protected internal ulong[] ph3_T1; - protected internal ulong[] ph3_T2; - - - static protected uint[] ReadIntsFromProperty(string key, uint intSize) - { - uint[] ints = new uint[intSize]; - string s = _props[key]; - uint i = 0; - foreach (string number in s.Split(',')) - { - ints[i] = UInt32.Parse(number); - i++; - } - return ints; - } + protected internal static uint RADIX = 64; + protected internal static uint LOG2RADIX = 6; + + protected internal uint CRYPTO_PUBLICKEYBYTES; + protected internal int CRYPTO_CIPHERTEXTBYTES; + protected internal uint CRYPTO_BYTES; + protected internal uint CRYPTO_SECRETKEYBYTES; + + + + protected internal uint NWORDS_FIELD; // Number of words of a n-bit field element + protected internal uint PRIME_ZERO_WORDS; // Number of "0" digits in the least significant part of PRIME + 1 + protected internal uint NBITS_FIELD; + protected internal uint MAXBITS_FIELD; + protected uint MAXWORDS_FIELD; // Max. number of words to represent field elements + protected uint NWORDS64_FIELD; // Number of 64-bit words of a 434-bit field element + protected internal uint NBITS_ORDER; + protected internal uint NWORDS_ORDER; // Number of words of oA and oB, where oA and oB are the subgroup orders of Alice and Bob, resp. + protected uint NWORDS64_ORDER; // Number of 64-bit words of a x-bit element + protected internal uint MAXBITS_ORDER; + protected internal uint ALICE; + protected internal uint BOB; + protected internal uint OALICE_BITS; + protected internal uint OBOB_BITS; + protected internal uint OBOB_EXPON; + protected internal uint MASK_ALICE; + protected internal uint MASK_BOB; + protected uint PARAM_A; + protected uint PARAM_C; + + // Fixed parameters for isogeny tree computation + protected internal uint MAX_INT_POINTS_ALICE; + protected internal uint MAX_INT_POINTS_BOB; + protected internal uint MAX_Alice; + protected internal uint MAX_Bob; + protected internal uint MSG_BYTES; + protected internal uint SECRETKEY_A_BYTES; + protected internal uint SECRETKEY_B_BYTES; + protected internal uint FP2_ENCODED_BYTES; + + protected bool COMPRESS; + + // Compressed Parameters + protected internal uint MASK2_BOB; + protected internal uint MASK3_BOB; + protected internal uint ORDER_A_ENCODED_BYTES; + protected internal uint ORDER_B_ENCODED_BYTES; + protected internal uint PARTIALLY_COMPRESSED_CHUNK_CT; + protected uint COMPRESSED_CHUNK_CT; + protected uint UNCOMPRESSEDPK_BYTES; + // Table sizes used by the Entangled basis generation + protected uint TABLE_R_LEN; + protected internal uint TABLE_V_LEN; + protected uint TABLE_V3_LEN; + // Parameters for discrete log computations + // Binary Pohlig-Hellman reduced to smaller logs of order ell^W + protected internal uint W_2; + protected internal uint W_3; + // ell^w + protected internal uint ELL2_W; + protected internal uint ELL3_W; + // ell^(e mod w) + protected internal uint ELL2_EMODW; + protected internal uint ELL3_EMODW; + // # of digits in the discrete log + protected internal uint DLEN_2; // ceil(eA/W_2) + protected internal uint DLEN_3; // ceil(eB/W_3) + // Use compressed tables: FULL_SIGNED + + + // Encoding of field elements + protected internal uint PLEN_2; + protected internal uint PLEN_3; + + protected internal ulong[] PRIME; + protected internal ulong[] PRIMEx2; + protected internal ulong[] PRIMEx4; + protected internal ulong[] PRIMEp1; + protected ulong[] PRIMEx16p; + protected ulong[] PRIMEp1x64; + protected internal ulong[] Alice_order; // Order of Alice's subgroup + protected internal ulong[] Bob_order; // Order of Bob's subgroup + protected internal ulong[] A_gen; // Alice's generator values {XPA0 + XPA1*iL, XQA0 + xQA1*iL, XRA0 + XRA1*i} in GF(p^2)L, expressed in Montgomery representation + protected internal ulong[] B_gen; // Bob's generator values {XPB0L, XQB0L, XRB0 + XRB1*i} in GF(p^2)L, expressed in Montgomery representation + protected internal ulong[] Montgomery_R2; // Montgomery constant Montgomery_R2 = (2^448)^2 mod p434 + protected internal ulong[] Montgomery_one; // Value one in Montgomery representation + + // Fixed parameters for isogeny tree computation + protected internal uint[] strat_Alice; + protected internal uint[] strat_Bob; + + //Compressed Encodings + //todo: abstract this more? + protected internal ulong[] XQB3; + protected internal ulong[] A_basis_zero; + protected ulong[] B_basis_zero; + protected internal ulong[] B_gen_3_tors; + protected internal ulong[] g_R_S_im; + protected ulong[] g_phiR_phiS_re; + protected ulong[] g_phiR_phiS_im; + protected ulong[] Montgomery_R; + protected internal ulong[] Montgomery_RB1; + protected internal ulong[] Montgomery_RB2; + protected ulong[] threeinv; + protected internal uint[] ph2_path; + protected internal uint[] ph3_path; + protected ulong[] u_entang; + protected ulong[] u0_entang; + protected internal ulong[][] table_r_qr; + protected internal ulong[][] table_r_qnr; + protected internal ulong[][] table_v_qr; + protected internal ulong[][] table_v_qnr; + protected internal ulong[][][] v_3_torsion; + + protected internal ulong[] T_tate3; + protected internal ulong[] T_tate2_firststep_P; + protected internal ulong[] T_tate2_P; + protected internal ulong[] T_tate2_firststep_Q; + protected internal ulong[] T_tate2_Q; + + ///Compressed Dlogs + protected internal ulong[] ph2_T; + protected internal ulong[] ph2_T1; + protected internal ulong[] ph2_T2; + protected internal ulong[] ph3_T; + protected internal ulong[] ph3_T1; + protected internal ulong[] ph3_T2; + + + static protected uint[] ReadIntsFromProperty(string key, uint intSize) + { + uint[] ints = new uint[intSize]; + string s = _props[key]; + uint i = 0; + foreach (string number in s.Split(',')) + { + ints[i] = UInt32.Parse(number); + i++; + } + return ints; + } - static protected ulong[] ReadFromProperty(string key, uint ulongSize) - { - string s = _props[key]; - s = s.Replace(",", ""); - byte[] bytes = Hex.Decode(s); - ulong[] ulongs = new ulong[ulongSize]; - for (int i = 0; i < bytes.Length / 8; i++) - { - ulongs[i] = Pack.BE_To_UInt64(bytes, i * 8); - } - return ulongs; - } + static protected ulong[] ReadFromProperty(string key, uint ulongSize) + { + string s = _props[key]; + s = s.Replace(",", ""); + byte[] bytes = Hex.Decode(s); + ulong[] ulongs = new ulong[ulongSize]; + for (int i = 0; i < bytes.Length / 8; i++) + { + ulongs[i] = Pack.BE_To_UInt64(bytes, i * 8); + } + return ulongs; + } - static protected ulong[][] ReadFromProperty(string key, uint d1Size, uint d2Size) - { - string s = _props[key]; - s = s.Replace(",", ""); - byte[] bytes = Hex.Decode(s); - ulong[][] ulongs = new ulong[d1Size][]; //[d2Size]; - for (int k = 0; k < d1Size; k++) - { - ulongs[k] = new ulong[d2Size]; - } - uint i, j; - for (uint x = 0; x < bytes.Length / 8; x++) - { - i = x/d2Size; - j = x%d2Size; - ulongs[i][j] = Pack.BE_To_UInt64(bytes, (int)x * 8); - } - return ulongs; - } + static protected ulong[][] ReadFromProperty(string key, uint d1Size, uint d2Size) + { + string s = _props[key]; + s = s.Replace(",", ""); + byte[] bytes = Hex.Decode(s); + ulong[][] ulongs = new ulong[d1Size][]; //[d2Size]; + for (int k = 0; k < d1Size; k++) + { + ulongs[k] = new ulong[d2Size]; + } + uint i, j; + for (uint x = 0; x < bytes.Length / 8; x++) + { + i = x/d2Size; + j = x%d2Size; + ulongs[i][j] = Pack.BE_To_UInt64(bytes, (int)x * 8); + } + return ulongs; + } - static protected ulong[][][] ReadFromProperty(string key, uint d1Size, uint d2Size, uint d3Size) + static protected ulong[][][] ReadFromProperty(string key, uint d1Size, uint d2Size, uint d3Size) + { + string s = _props[key]; + s = s.Replace(",", ""); + byte[] bytes = Hex.Decode(s); + ulong[][][] ulongs = new ulong[d1Size][][]; //[d2Size][d3Size]; + for (int l = 0; l < d1Size; l++) + { + ulongs[l] = new ulong[d2Size][]; + for (int m = 0; m < d2Size; m++) { - string s = _props[key]; - s = s.Replace(",", ""); - byte[] bytes = Hex.Decode(s); - ulong[][][] ulongs = new ulong[d1Size][][]; //[d2Size][d3Size]; - for (int l = 0; l < d1Size; l++) - { - ulongs[l] = new ulong[d2Size][]; - for (int m = 0; m < d2Size; m++) - { - ulongs[l][m] = new ulong[d3Size]; - } - } - - uint i, j, k; - for (uint x = 0; x < bytes.Length / 8; x++) - { - i = x/(d2Size * d3Size); - j = x%(d2Size * d3Size)/d3Size; - k = x % d3Size; - ulongs[i][j][k] = Pack.BE_To_UInt64(bytes, (int)x * 8); - } - return ulongs; + ulongs[l][m] = new ulong[d3Size]; } - - + } + + uint i, j, k; + for (uint x = 0; x < bytes.Length / 8; x++) + { + i = x/(d2Size * d3Size); + j = x%(d2Size * d3Size)/d3Size; + k = x % d3Size; + ulongs[i][j][k] = Pack.BE_To_UInt64(bytes, (int)x * 8); + } + return ulongs; } - -} \ No newline at end of file + } +} diff --git a/crypto/src/pqc/crypto/sike/Isogeny.cs b/crypto/src/pqc/crypto/sike/Isogeny.cs index fc2b3e5ca..2d0ef1473 100644 --- a/crypto/src/pqc/crypto/sike/Isogeny.cs +++ b/crypto/src/pqc/crypto/sike/Isogeny.cs @@ -1,25 +1,25 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { - internal class Isogeny +internal sealed class Isogeny { - SIKEEngine engine; + private readonly SikeEngine engine; - internal Isogeny(SIKEEngine engine) + internal Isogeny(SikeEngine engine) { this.engine = engine; } - + // Doubling of a Montgomery point in projective coordinates (X:Z) over affine curve coefficient A. // Input: projective Montgomery x-coordinates P = (X1:Z1), where x1=X1/Z1 and Montgomery curve constants (A+2)/4. // Output: projective Montgomery x-coordinates Q = 2*P = (X2:Z2). protected internal void Double(PointProj P, PointProj Q, ulong[][] A24, uint k) { - ulong[][] temp = Utils.InitArray(2, engine.param.NWORDS_FIELD), - a = Utils.InitArray(2, engine.param.NWORDS_FIELD), - b = Utils.InitArray(2, engine.param.NWORDS_FIELD), - c = Utils.InitArray(2, engine.param.NWORDS_FIELD), - aa = Utils.InitArray(2, engine.param.NWORDS_FIELD), - bb = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] temp = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + a = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + b = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + c = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + aa = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + bb = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2copy(P.X, Q.X); engine.fpx.fp2copy(P.Z, Q.Z); @@ -39,15 +39,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike protected internal void CompleteMPoint(ulong[][] A, PointProj P, PointProjFull R) { // Given an xz-only representation on a montgomery curve, compute its affine representation - ulong[][] zero = Utils.InitArray(2, engine.param.NWORDS_FIELD), - one = Utils.InitArray(2, engine.param.NWORDS_FIELD), - xz = Utils.InitArray(2, engine.param.NWORDS_FIELD), - yz = Utils.InitArray(2, engine.param.NWORDS_FIELD), - s2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - r2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - invz = Utils.InitArray(2, engine.param.NWORDS_FIELD), - temp0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - temp1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] zero = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + one = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + xz = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + yz = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + s2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + r2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + invz = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + temp0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + temp1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fpcopy(engine.param.Montgomery_one,0, one[0]); @@ -83,7 +83,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { PointProj R0 = new PointProj(engine.param.NWORDS_FIELD), R1 = new PointProj(engine.param.NWORDS_FIELD); - ulong[][] A24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint bit = 0; ulong mask; int j, swap, prevbit = 0; @@ -132,9 +132,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: projective Montgomery points P <- 2*P = (X2P:Z2P) such that x(2P)=X2P/Z2P, and Q <- P+Q = (XQP:ZQP) such that = x(Q+P)=XQP/ZQP. private void xDBLADD_proj(PointProj P, PointProj Q, ulong[][] XPQ, ulong[][] ZPQ, ulong[][] A24) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2add(P.X, P.Z, t0); // t0 = XP+ZP @@ -164,12 +164,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: projective Montgomery x-coordinates Q = 2*P = (X2:Z2). private void xDBL_e(PointProj P, PointProj Q, ulong[][] A24, int e) { - ulong[][] temp = Utils.InitArray(2, engine.param.NWORDS_FIELD), - a = Utils.InitArray(2, engine.param.NWORDS_FIELD), - b = Utils.InitArray(2, engine.param.NWORDS_FIELD), - c = Utils.InitArray(2, engine.param.NWORDS_FIELD), - aa = Utils.InitArray(2, engine.param.NWORDS_FIELD), - bb = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] temp = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + a = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + b = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + c = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + aa = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + bb = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2copy(P.X,Q.X); @@ -209,10 +209,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: projective Montgomery x-coordinates Q = 3*P = (X3:Z3). private void xTPL_fast(PointProj P, PointProj Q, ulong[][] A2) { - ulong[][] t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t4 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t4 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2sqr_mont(P.X, t1); // t1 = x^2 @@ -242,7 +242,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { PointProj R0 = new PointProj(engine.param.NWORDS_FIELD), R2 = new PointProj(engine.param.NWORDS_FIELD); - ulong[][] A24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); ulong mask; uint i, nbits, bit, swap, prevbit = 0; @@ -289,14 +289,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Complete point on A = 0 curve protected internal void CompletePoint(PointProj P, PointProjFull R) { - ulong[][] xz = Utils.InitArray(2, engine.param.NWORDS_FIELD), - s2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - r2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - yz = Utils.InitArray(2, engine.param.NWORDS_FIELD), - invz = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - one = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] xz = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + s2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + r2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + yz = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + invz = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + one = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fpcopy(engine.param.Montgomery_one, 0, one[0]); engine.fpx.fp2mul_mont(P.X, P.Z, xz); @@ -346,9 +346,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: projective Montgomery points P <- 2*P = (X2P:Z2P) such that x(2P)=X2P/Z2P, and Q <- P+Q = (XQP:ZQP) such that = x(Q+P)=XQP/ZQP. protected internal void xDBLADD(PointProj P, PointProj Q, ulong[][] xPQ, ulong[][] A24) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_add(P.X, P.Z, t0); // t0 = XP+ZP engine.fpx.mp2_sub_p2(P.X, P.Z, t1); // t1 = XP-ZP @@ -389,8 +389,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: projective Montgomery x-coordinates Q = 2*P = (X2:Z2). protected void xDBL(PointProj P, PointProj Q, ulong[][] A24plus, ulong[][] C24) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_sub_p2(P.X, P.Z, t0); // t0 = X1-Z1 engine.fpx.mp2_add(P.X, P.Z, t1); // t1 = X1+Z1 @@ -409,13 +409,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: projective Montgomery x-coordinates Q = 3*P = (X3:Z3). private void xTPL(PointProj P, PointProj Q, ulong[][] A24minus, ulong[][] A24plus) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t4 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t5 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t6 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t4 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t5 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t6 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_sub_p2(P.X, P.Z, t0); // t0 = X-Z engine.fpx.fp2sqr_mont(t0, t2); // t2 = (X-Z)^2 @@ -459,9 +459,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: the coefficient A corresponding to the curve E_A: y^2=x^3+A*x^2+x. protected internal void get_A(ulong[][] xP, ulong[][] xQ, ulong[][] xR, ulong[][] A) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - one = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + one = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fpcopy(engine.param.Montgomery_one, 0, one[0]); engine.fpx.fp2add(xP, xQ, t1); // t1 = xP+xQ @@ -484,8 +484,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: j=256*(A^2-3*C^2)^3/(C^4*(A^2-4*C^2)), which is the j-invariant of the Montgomery curve B*y^2=x^3+(A/C)*x^2+x or (equivalently) j-invariant of B'*y^2=C*x^3+A*x^2+C*x. protected internal void j_inv(ulong[][] A, ulong[][] C, ulong[][] jinv) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2sqr_mont(A, jinv); // jinv = A^2 engine.fpx.fp2sqr_mont(C, t1); // t1 = C^2 @@ -512,11 +512,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: the 3-isogenous Montgomery curve with projective coefficient A/C. protected internal void get_3_isog(PointProj P, ulong[][] A24minus, ulong[][] A24plus, ulong[][][] coeff) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t4 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t4 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_sub_p2(P.X, P.Z, coeff[0]); // coeff0 = X-Z engine.fpx.fp2sqr_mont(coeff[0], t0); // t0 = (X-Z)^2 @@ -542,9 +542,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: the projective point Q <- phi(Q) = (X3:Z3). protected internal void eval_3_isog(PointProj Q, ulong[][][] coeff) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_add(Q.X, Q.Z, t0); // t0 = X+Z engine.fpx.mp2_sub_p2(Q.X, Q.Z, t1); // t1 = X-Z @@ -563,10 +563,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: 1/z1,1/z2,1/z3 (override inputs). protected internal void inv_3_way(ulong[][] z1, ulong[][] z2, ulong[][] z3) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2mul_mont(z1, z2, t0); // t0 = z1*z2 engine.fpx.fp2mul_mont(z3, t0, t1); // t1 = z1*z2*z3 @@ -593,10 +593,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: the projective point P = phi(P) = (X:Z) in the codomain. protected internal void eval_2_isog(PointProj P, PointProj Q) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_add(Q.X, Q.Z, t0); // t0 = X2+Z2 engine.fpx.mp2_sub_p2(Q.X, Q.Z, t1); // t1 = X2-Z2 @@ -633,8 +633,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike // Output: the projective point P = phi(P) = (X:Z) in the codomain. protected internal void eval_4_isog(PointProj P, ulong[][][] coeff) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.mp2_add(P.X, P.Z, t0); // t0 = X+Z engine.fpx.mp2_sub_p2(P.X, P.Z, t1); // t1 = X-Z diff --git a/crypto/src/pqc/crypto/sike/PointProj.cs b/crypto/src/pqc/crypto/sike/PointProj.cs index 4f6e8b882..a9c82c249 100644 --- a/crypto/src/pqc/crypto/sike/PointProj.cs +++ b/crypto/src/pqc/crypto/sike/PointProj.cs @@ -1,14 +1,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { -internal class PointProj -{ - internal PointProj(uint nwords_field) + internal sealed class PointProj { - X = Utils.InitArray(2, nwords_field); - Z = Utils.InitArray(2, nwords_field); + internal PointProj(uint nwords_field) + { + X = SikeUtilities.InitArray(2, nwords_field); + Z = SikeUtilities.InitArray(2, nwords_field); + } + internal ulong[][] X; + internal ulong[][] Z; } - public ulong[][] X; - public ulong[][] Z; } - -} \ No newline at end of file diff --git a/crypto/src/pqc/crypto/sike/PointProjFull.cs b/crypto/src/pqc/crypto/sike/PointProjFull.cs index 4e717f31a..8153d9c38 100644 --- a/crypto/src/pqc/crypto/sike/PointProjFull.cs +++ b/crypto/src/pqc/crypto/sike/PointProjFull.cs @@ -1,15 +1,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { -internal class PointProjFull -{ - internal PointProjFull(uint nwords_field) + internal sealed class PointProjFull { - X = Utils.InitArray(2, nwords_field); - Y = Utils.InitArray(2, nwords_field); - Z = Utils.InitArray(2, nwords_field); + internal PointProjFull(uint nwords_field) + { + X = SikeUtilities.InitArray(2, nwords_field); + Y = SikeUtilities.InitArray(2, nwords_field); + Z = SikeUtilities.InitArray(2, nwords_field); + } + internal ulong[][] X; + internal ulong[][] Y; + internal ulong[][] Z; } - public ulong[][] X; - public ulong[][] Y; - public ulong[][] Z; -} } diff --git a/crypto/src/pqc/crypto/sike/SIDH.cs b/crypto/src/pqc/crypto/sike/SIDH.cs index d5a86d6b1..c1d1714f6 100644 --- a/crypto/src/pqc/crypto/sike/SIDH.cs +++ b/crypto/src/pqc/crypto/sike/SIDH.cs @@ -1,10 +1,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { -internal class SIDH +internal sealed class Sidh { - private SIKEEngine engine; + private readonly SikeEngine engine; - public SIDH(SIKEEngine engine) + public Sidh(SikeEngine engine) { this.engine = engine; } @@ -32,14 +32,14 @@ internal class SIDH PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_BOB]; - ulong[][] XPB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XQB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XRB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24minus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] XPB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XQB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XRB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24minus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD); uint i, row, m, index = 0, npts = 0, ii = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_BOB]; ulong[] SecretKeyB = new ulong[engine.param.NWORDS_ORDER]; @@ -116,14 +116,14 @@ internal class SIDH phiR = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_ALICE]; - ulong[][] XPA = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XQA = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XRA = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - C24 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD); - - ulong[][][] coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD); + ulong[][] XPA = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XQA = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XRA = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + C24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); + + ulong[][][] coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD); uint index = 0, npts = 0, ii = 0, m, i, row; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_ALICE]; ulong[] SecretKeyA = new ulong[engine.param.NWORDS_ORDER]; @@ -213,12 +213,12 @@ internal class SIDH { PointProj R = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_ALICE]; - ulong[][][] PKB = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD), - coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD); - ulong[][] jinv = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - C24 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] PKB = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD), + coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD); + ulong[][] jinv = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + C24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint i = 0, row = 0, m = 0, index = 0, npts = 0, ii = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_ALICE]; @@ -292,13 +292,13 @@ internal class SIDH { PointProj R = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_BOB]; - ulong[][][] coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD), - PKB = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD), + PKB = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD); - ulong[][] jinv = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24minus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] jinv = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24minus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint i, row, m, index = 0, npts = 0, ii = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_BOB]; ulong[] SecretKeyB = new ulong[engine.param.NWORDS_ORDER]; diff --git a/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs b/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs index 46a289c97..ca140aa50 100644 --- a/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs +++ b/crypto/src/pqc/crypto/sike/SIDH_Compressed.cs @@ -1,17 +1,19 @@ using System; + using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Sike { -internal class SIDH_Compressed +internal sealed class SidhCompressed { - private SIKEEngine engine; + private readonly SikeEngine engine; - public SIDH_Compressed(SIKEEngine engine) + public SidhCompressed(SikeEngine engine) { this.engine = engine; } + protected void init_basis(ulong[] gen, ulong[][] XP, ulong[][] XQ, ulong[][] XR) { // Initialization of basis points @@ -104,8 +106,8 @@ internal class SIDH_Compressed N = new ulong[engine.param.NWORDS_FIELD], temp0 = new ulong[engine.param.NWORDS_FIELD], temp1 = new ulong[engine.param.NWORDS_FIELD]; - ulong[][] A = Utils.InitArray(2, engine.param.NWORDS_FIELD), - y2 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + y2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint t_ptr = 0; // System.out.print("a24: "); @@ -214,12 +216,12 @@ internal class SIDH_Compressed protected void BiQuad_affine(ulong[][] a24, ulong[][] x0, ulong[][] x1, PointProj R) { - ulong[][] Ap2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - aa = Utils.InitArray(2, engine.param.NWORDS_FIELD), - bb = Utils.InitArray(2, engine.param.NWORDS_FIELD), - cc = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] Ap2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + aa = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + bb = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + cc = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2add(a24, a24, Ap2); engine.fpx.fp2add(Ap2, Ap2, Ap2); // Ap2 = a+2 = 4*a24 @@ -275,7 +277,7 @@ internal class SIDH_Compressed protected void eval_dual_2_isog(ulong[][] X2, ulong[][] Z2, PointProj P) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2add(P.X, P.Z, t0); engine.fpx.fp2sub(P.X, P.Z, P.Z); @@ -288,8 +290,8 @@ internal class SIDH_Compressed protected void eval_final_dual_2_isog(PointProj P) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); ulong[] t2 = new ulong[engine.param.NWORDS_FIELD]; engine.fpx.fp2add(P.X, P.Z, t0); @@ -341,10 +343,10 @@ internal class SIDH_Compressed protected void eval_dual_4_isog(ulong[][] A24, ulong[][] C24, ulong[][][] coeff, uint coeffOffset, PointProj P) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2add(P.X, P.Z, t0); engine.fpx.fp2sub(P.X, P.Z, t1); @@ -395,8 +397,8 @@ internal class SIDH_Compressed protected void Tate3_proj(PointProjFull P, PointProjFull Q, ulong[][] gX, ulong[][] gZ) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - l1x = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + l1x = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); TripleAndParabola_proj(P, l1x, gZ); engine.fpx.fp2sub(Q.X, P.X, gX); @@ -411,7 +413,7 @@ internal class SIDH_Compressed { uint i; - ulong[][] f_ = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] f_ = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2copy(gZ, f_); engine.fpx.fpnegPRIME(f_[1]); @@ -435,8 +437,8 @@ internal class SIDH_Compressed { uint i, j; - ulong[][][] f_ = Utils.InitArray(2, 2, engine.param.NWORDS_FIELD), - finv = Utils.InitArray(2, 2, engine.param.NWORDS_FIELD); + ulong[][][] f_ = SikeUtilities.InitArray(2, 2, engine.param.NWORDS_FIELD), + finv = SikeUtilities.InitArray(2, 2, engine.param.NWORDS_FIELD); for(i = 0; i < 2; i++) { @@ -467,8 +469,8 @@ internal class SIDH_Compressed PointProjFull R3 = new PointProjFull(engine.param.NWORDS_FIELD), S3 = new PointProjFull(engine.param.NWORDS_FIELD); - ulong[][][] gX = Utils.InitArray(2, 2, engine.param.NWORDS_FIELD), - gZ = Utils.InitArray(2, 2, engine.param.NWORDS_FIELD); + ulong[][][] gX = SikeUtilities.InitArray(2, 2, engine.param.NWORDS_FIELD), + gZ = SikeUtilities.InitArray(2, 2, engine.param.NWORDS_FIELD); ulong[] zero = new ulong[engine.param.NWORDS_FIELD]; uint nbytes = engine.param.NWORDS_FIELD;// (((engine.param.NBITS_FIELD)+7)/8); uint alpha,beta; @@ -583,8 +585,8 @@ internal class SIDH_Compressed { PointProjFull RS3 = new PointProjFull(engine.param.NWORDS_FIELD); - ulong[][] gX = Utils.InitArray(2, engine.param.NWORDS_FIELD), - gZ = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] gX = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + gZ = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); ulong[] zero = new ulong[engine.param.NWORDS_FIELD]; uint nbytes = engine.param.NWORDS_FIELD; @@ -725,9 +727,9 @@ internal class SIDH_Compressed protected void makeDiff(PointProjFull R, PointProjFull S, PointProj D) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint nbytes = engine.param.NWORDS_FIELD; engine.fpx.fp2sub(R.X, S.X, t0); @@ -752,7 +754,7 @@ internal class SIDH_Compressed { PointProj D = new PointProj(engine.param.NWORDS_FIELD); - ulong[][][] xs = Utils.InitArray(2, 2, engine.param.NWORDS_FIELD); + ulong[][][] xs = SikeUtilities.InitArray(2, 2, engine.param.NWORDS_FIELD); byte[] ind = new byte[1], bit = new byte[1]; @@ -815,14 +817,14 @@ internal class SIDH_Compressed PointProj R = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_ALICE]; - ulong[][] XPA = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XQA = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XRA = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - C24 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] XPA = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XQA = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XRA = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + C24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] coeff = Utils.InitArray(5, 2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(5, 2, engine.param.NWORDS_FIELD); uint i, row, m, index = 0, npts = 0, ii = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_ALICE]; @@ -1074,7 +1076,7 @@ internal class SIDH_Compressed { byte bit; uint[] rs = new uint[3]; - ulong[][] A24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); PointProj[] Rs = new PointProj[3]; Rs[0] = new PointProj(engine.param.NWORDS_FIELD); Rs[1] = new PointProj(engine.param.NWORDS_FIELD); @@ -1159,7 +1161,7 @@ internal class SIDH_Compressed uint bit; ulong[] temp = new ulong[engine.param.NWORDS_ORDER], inv = new ulong[engine.param.NWORDS_ORDER]; - ulong[][] A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2add(a24,a24,A); engine.fpx.fp2add(A,A,A); @@ -1233,10 +1235,10 @@ internal class SIDH_Compressed { uint[] rs = new uint[3]; int[] D = new int[engine.param.DLEN_3]; - ulong[][] a24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] a24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][][] As = Utils.InitArray(engine.param.MAX_Alice + 1, 5, 2, engine.param.NWORDS_FIELD); - ulong[][][] f = Utils.InitArray(4, 2, engine.param.NWORDS_FIELD); + ulong[][][][] As = SikeUtilities.InitArray(engine.param.MAX_Alice + 1, 5, 2, engine.param.NWORDS_FIELD); + ulong[][][] f = SikeUtilities.InitArray(4, 2, engine.param.NWORDS_FIELD); ulong[] c0 = new ulong[engine.param.NWORDS_ORDER], d0 = new ulong[engine.param.NWORDS_ORDER], c1 = new ulong[engine.param.NWORDS_ORDER], @@ -1309,9 +1311,9 @@ internal class SIDH_Compressed d0 = new ulong[engine.param.NWORDS_ORDER], c1 = new ulong[engine.param.NWORDS_ORDER], d1 = new ulong[engine.param.NWORDS_ORDER]; - ulong[][] a24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] f = Utils.InitArray(4, 2, engine.param.NWORDS_FIELD); - ulong[][][][] As = Utils.InitArray(engine.param.MAX_Alice + 1, 5, 2, engine.param.NWORDS_FIELD); + ulong[][] a24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] f = SikeUtilities.InitArray(4, 2, engine.param.NWORDS_FIELD); + ulong[][][][] As = SikeUtilities.InitArray(engine.param.MAX_Alice + 1, 5, 2, engine.param.NWORDS_FIELD); PointProjFull[] Rs = new PointProjFull[2]; FullIsogeny_A_dual(PrivateKeyA, As, a24, 0); @@ -1331,14 +1333,14 @@ internal class SIDH_Compressed { uint i, ii = 0, row, m, index = 0, npts = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_BOB]; - ulong[][] A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24minus = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24minus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); PointProj R = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_BOB]; - ulong[][] jinv = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD); - ulong[][] param_A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] jinv = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD); + ulong[][] param_A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); PKADecompression_dual(PrivateKeyB, PKA, R, param_A); engine.fpx.fp2copy(param_A, A); @@ -1392,8 +1394,8 @@ internal class SIDH_Compressed { ulong[] s = new ulong[engine.param.NWORDS_FIELD]; ulong[][] t_ptr, - r = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t = Utils.InitArray(2, engine.param.NWORDS_FIELD); + r = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint t_ptrOffset = 0; // Select the correct table @@ -1457,11 +1459,11 @@ internal class SIDH_Compressed protected void RecoverY(ulong[][] A, PointProj[] xs, PointProjFull[] Rs) { - ulong[][] t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t4 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t4 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fp2mul_mont(xs[2].X, xs[1].Z, t0); engine.fpx.fp2mul_mont(xs[1].X, xs[2].Z, t1); @@ -1500,7 +1502,7 @@ internal class SIDH_Compressed { uint i; ulong[] t0 = new ulong[engine.param.NWORDS_FIELD]; - ulong[][] A6 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A6 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); PointProj[] xs = new PointProj[3]; xs[0] = new PointProj(engine.param.NWORDS_FIELD); xs[1] = new PointProj(engine.param.NWORDS_FIELD); @@ -1566,12 +1568,12 @@ internal class SIDH_Compressed PointProj R = new PointProj(engine.param.NWORDS_FIELD), Q3 = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_BOB]; - ulong[][] XPB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XQB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XRB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24minus = Utils.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD); + ulong[][] XPB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XQB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XRB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24minus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD); uint i, row, m, index = 0, npts = 0, ii = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_BOB]; ulong[] SecretKeyB = new ulong[engine.param.NWORDS_ORDER]; @@ -1663,8 +1665,8 @@ internal class SIDH_Compressed protected void BuildEntangledXonly_Decomp(ulong[][] A, PointProj[] R, uint qnr, uint ind) { ulong[][] t_ptr, - r = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t = Utils.InitArray(2, engine.param.NWORDS_FIELD); + r = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); // Select the correct table if ( qnr == 1 ) @@ -1716,8 +1718,8 @@ internal class SIDH_Compressed { ulong mask = unchecked((ulong) -1L); uint qnr, ind; - ulong[][] A24 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - Adiv2 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + Adiv2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); ulong[] tmp1 = new ulong[2*engine.param.NWORDS_ORDER], tmp2 = new ulong[2*engine.param.NWORDS_ORDER], @@ -1879,7 +1881,7 @@ internal class SIDH_Compressed ulong mask = unchecked((ulong) -1L); uint bit,qnr,ind; - ulong[][] A24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); ulong[] tmp1 = new ulong[2*engine.param.NWORDS_ORDER], tmp2 = new ulong[2*engine.param.NWORDS_ORDER], vone = new ulong[2*engine.param.NWORDS_ORDER], @@ -1996,9 +1998,9 @@ internal class SIDH_Compressed d0 = new ulong[engine.param.NWORDS_ORDER], c1 = new ulong[engine.param.NWORDS_ORDER], d1 = new ulong[engine.param.NWORDS_ORDER]; - ulong[][][][] Ds = Utils.InitArray(engine.param.MAX_Bob, 2, 2, engine.param.NWORDS_FIELD); - ulong[][][] f = Utils.InitArray(4, 2, engine.param.NWORDS_FIELD); - ulong[][] A = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][][] Ds = SikeUtilities.InitArray(engine.param.MAX_Bob, 2, 2, engine.param.NWORDS_FIELD); + ulong[][][] f = SikeUtilities.InitArray(4, 2, engine.param.NWORDS_FIELD); + ulong[][] A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); PointProjFull[] Rs = new PointProjFull[2]; Rs[0] = new PointProjFull(engine.param.NWORDS_FIELD); @@ -2122,15 +2124,15 @@ internal class SIDH_Compressed { uint i, ii = 0, row, m, index = 0, npts = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_ALICE]; - ulong[][] A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - C24 = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + C24 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); PointProj R = new PointProj(engine.param.NWORDS_FIELD); PointProj[] pts = new PointProj[engine.param.MAX_INT_POINTS_ALICE]; - ulong[][] jinv = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD), - param_A = Utils.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] coeff = Utils.InitArray(5, 2, engine.param.NWORDS_FIELD); + ulong[][] jinv = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + param_A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(5, 2, engine.param.NWORDS_FIELD); if (sike == 1) @@ -2216,16 +2218,16 @@ internal class SIDH_Compressed PointProj R = new PointProj(engine.param.NWORDS_FIELD), S = new PointProj(engine.param.NWORDS_FIELD); - ulong[][] XPB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XQB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - XRB = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24plus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A24minus = Utils.InitArray(2, engine.param.NWORDS_FIELD), - A = Utils.InitArray(2, engine.param.NWORDS_FIELD), - comp1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - comp2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - one = Utils.InitArray(2, engine.param.NWORDS_FIELD); - ulong[][][] coeff = Utils.InitArray(3, 2, engine.param.NWORDS_FIELD);; + ulong[][] XPB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XQB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + XRB = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24plus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A24minus = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + A = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + comp1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + comp2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + one = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] coeff = SikeUtilities.InitArray(3, 2, engine.param.NWORDS_FIELD);; uint i, row, m, index = 0, npts = 0, ii = 0; uint[] pts_index = new uint[engine.param.MAX_INT_POINTS_BOB]; @@ -2455,8 +2457,8 @@ internal class SIDH_Compressed void Traverse_w_notdiv_e_fullsigned(ulong[][] r, uint j, uint k, uint z, uint[] P, ulong[] CT1, ulong[] CT2, int[] D, uint Dlen, uint ell, uint ellw, uint ell_emodw, uint w, uint e) { - ulong[][] rp = Utils.InitArray(2, engine.param.NWORDS_FIELD), - alpha = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] rp = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + alpha = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); if (z > 1) @@ -2633,8 +2635,8 @@ internal class SIDH_Compressed // Assume the integer w divides the exponent e void Traverse_w_div_e_fullsigned(ulong[][] r, uint j, uint k, uint z, uint[] P, ulong[] CT, int[] D, uint Dlen, uint ellw, uint w) { - ulong[][] rp = Utils.InitArray(2, engine.param.NWORDS_FIELD), - alpha = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] rp = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + alpha = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); if (z > 1) { @@ -2729,18 +2731,18 @@ internal class SIDH_Compressed x23 = new ulong[engine.param.NWORDS_FIELD], x2p3 = new ulong[engine.param.NWORDS_FIELD]; - ulong[][][] xQ2s = Utils.InitArray(t_points, 2, engine.param.NWORDS_FIELD), - finv = Utils.InitArray(2*t_points, 2, engine.param.NWORDS_FIELD); - ulong[][] one = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t2 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t3 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t4 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t5 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - g = Utils.InitArray(2, engine.param.NWORDS_FIELD), - h = Utils.InitArray(2, engine.param.NWORDS_FIELD), - tf = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][][] xQ2s = SikeUtilities.InitArray(t_points, 2, engine.param.NWORDS_FIELD), + finv = SikeUtilities.InitArray(2*t_points, 2, engine.param.NWORDS_FIELD); + ulong[][] one = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t2 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t3 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t4 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t5 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + g = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + h = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + tf = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); engine.fpx.fpcopy(engine.param.Montgomery_one, 0, one[0]); @@ -2919,7 +2921,7 @@ internal class SIDH_Compressed private void final_exponentiation_3_torsion(ulong[][] f, ulong[][] finv, ulong[][] fout) { ulong[] one = new ulong[engine.param.NWORDS_FIELD]; - ulong[][] temp = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] temp = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint i; engine.fpx.fpcopy(engine.param.Montgomery_one, 0, one); @@ -2938,16 +2940,16 @@ internal class SIDH_Compressed private void Tate2_pairings(PointProj P, PointProj Q, PointProjFull[] Qj, ulong[][][] f) { ulong[] x, y, x_, y_, l1; - ulong[][][] finv = Utils.InitArray(2 * t_points, 2, engine.param.NWORDS_FIELD); + ulong[][][] finv = SikeUtilities.InitArray(2 * t_points, 2, engine.param.NWORDS_FIELD); ulong[][] x_first, y_first, - one = Utils.InitArray(2, engine.param.NWORDS_FIELD), - l1_first = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t0 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - t1 = Utils.InitArray(2, engine.param.NWORDS_FIELD), - g = Utils.InitArray(2, engine.param.NWORDS_FIELD), - h = Utils.InitArray(2, engine.param.NWORDS_FIELD); + one = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + l1_first = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t0 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + t1 = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + g = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD), + h = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint x_Offset, y_Offset, l1Offset, xOffset, yOffset; @@ -3141,7 +3143,7 @@ internal class SIDH_Compressed private void final_exponentiation_2_torsion(ulong[][] f, ulong[][] finv, ulong[][] fout) { ulong[] one = new ulong[engine.param.NWORDS_FIELD]; - ulong[][] temp = Utils.InitArray(2, engine.param.NWORDS_FIELD); + ulong[][] temp = SikeUtilities.InitArray(2, engine.param.NWORDS_FIELD); uint i; engine.fpx.fpcopy(engine.param.Montgomery_one, 0, one); diff --git a/crypto/src/pqc/crypto/sike/SIKEEngine.cs b/crypto/src/pqc/crypto/sike/SIKEEngine.cs index e7b218589..6a825fe44 100644 --- a/crypto/src/pqc/crypto/sike/SIKEEngine.cs +++ b/crypto/src/pqc/crypto/sike/SIKEEngine.cs @@ -4,16 +4,15 @@ using Org.BouncyCastle.Security; namespace Org.BouncyCastle.Pqc.Crypto.Sike { - -internal class SIKEEngine +internal sealed class SikeEngine { - private SecureRandom random; - + //private readonly SecureRandom random; + protected internal Internal param; protected internal Isogeny isogeny; protected internal Fpx fpx; - private SIDH sidh; - private SIDH_Compressed sidhCompressed; + private Sidh sidh; + private SidhCompressed sidhCompressed; private bool isCompressed; public uint GetDefaultSessionKeySize() @@ -35,9 +34,9 @@ internal class SIKEEngine { return param.CRYPTO_PUBLICKEYBYTES; } - public SIKEEngine(int ver, bool isCompressed, SecureRandom random) + public SikeEngine(int ver, bool isCompressed, SecureRandom random) { - this.random = random; + //this.random = random; this.isCompressed = isCompressed; //todo switch for different parameters switch(ver) @@ -62,9 +61,9 @@ internal class SIKEEngine isogeny = new Isogeny(this); if(isCompressed) { - sidhCompressed = new SIDH_Compressed(this); + sidhCompressed = new SidhCompressed(this); } - sidh = new SIDH(this); + sidh = new Sidh(this); } // SIKE's key generation diff --git a/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs b/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs index 144b4649f..3c523ba8c 100644 --- a/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs +++ b/crypto/src/pqc/crypto/sike/SIKEKEMExtractor.cs @@ -1,43 +1,42 @@ -using Org.BouncyCastle.Crypto; using System; +using Org.BouncyCastle.Crypto; + namespace Org.BouncyCastle.Pqc.Crypto.Sike { - public class SIKEKEMExtractor + public sealed class SikeKemExtractor : IEncapsulatedSecretExtractor { - private SIKEEngine engine; - - private SIKEKeyParameters key; - - public SIKEKEMExtractor(SIKEPrivateKeyParameters privParams) - { - this.key = privParams; - InitCipher(key.GetParameters()); - } - - private void InitCipher(SIKEParameters param) - { - engine = param.GetEngine(); - SIKEPrivateKeyParameters privateParams = (SIKEPrivateKeyParameters)key; - //todo: add compression check - } - - public byte[] ExtractSecret(byte[] encapsulation) - { - return ExtractSecret(encapsulation, engine.GetDefaultSessionKeySize()); - } - - public byte[] ExtractSecret(byte[] encapsulation, uint sessionKeySizeInBits) - { + private readonly SikeKeyParameters key; + + private SikeEngine engine; + + public SikeKemExtractor(SikePrivateKeyParameters privParams) + { + this.key = privParams; + InitCipher(key.Parameters); + } + + private void InitCipher(SikeParameters param) + { + engine = param.Engine; + SikePrivateKeyParameters privateParams = (SikePrivateKeyParameters)key; + //todo: add compression check + } + + public byte[] ExtractSecret(byte[] encapsulation) + { + return ExtractSecret(encapsulation, engine.GetDefaultSessionKeySize()); + } + + public byte[] ExtractSecret(byte[] encapsulation, uint sessionKeySizeInBits) + { Console.Error.WriteLine("WARNING: the SIKE algorithm is only for research purposes, insecure"); - byte[] session_key = new byte[sessionKeySizeInBits / 8]; - engine.crypto_kem_dec(session_key, encapsulation, ((SIKEPrivateKeyParameters)key).GetPrivateKey()); - return session_key; - } + byte[] session_key = new byte[sessionKeySizeInBits / 8]; + engine.crypto_kem_dec(session_key, encapsulation, ((SikePrivateKeyParameters)key).GetPrivateKey()); + return session_key; + } public int EncapsulationLength => (int)engine.GetCipherTextSize(); - } - -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs b/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs index cf98a0696..76689496f 100644 --- a/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs +++ b/crypto/src/pqc/crypto/sike/SIKEKEMGenerator.cs @@ -1,40 +1,39 @@ +using System; + using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Pqc.Crypto.Utilities; using Org.BouncyCastle.Security; -using System; namespace Org.BouncyCastle.Pqc.Crypto.Sike { -public class SIKEKEMGenerator - : IEncapsulatedSecretGenerator -{ - // the source of randomness - private SecureRandom sr; - - - public SIKEKEMGenerator(SecureRandom random) + public sealed class SikeKemGenerator + : IEncapsulatedSecretGenerator { - this.sr = random; - } + // the source of randomness + private readonly SecureRandom sr; - public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey) - { - SIKEPublicKeyParameters key = (SIKEPublicKeyParameters)recipientKey; - SIKEEngine engine = key.GetParameters().GetEngine(); + public SikeKemGenerator(SecureRandom random) + { + this.sr = CryptoServicesRegistrar.GetSecureRandom(random); + } - return GenerateEncapsulated(recipientKey, engine.GetDefaultSessionKeySize()); - } + public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey) + { + SikePublicKeyParameters key = (SikePublicKeyParameters)recipientKey; + SikeEngine engine = key.Parameters.Engine; - public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey, uint sessionKeySizeInBits) - { + return GenerateEncapsulated(recipientKey, engine.GetDefaultSessionKeySize()); + } + + public ISecretWithEncapsulation GenerateEncapsulated(AsymmetricKeyParameter recipientKey, uint sessionKeySizeInBits) + { Console.Error.WriteLine("WARNING: the SIKE algorithm is only for research purposes, insecure"); - SIKEPublicKeyParameters key = (SIKEPublicKeyParameters)recipientKey; - SIKEEngine engine = key.GetParameters().GetEngine(); - byte[] cipher_text = new byte[engine.GetCipherTextSize()]; - byte[] sessionKey = new byte[sessionKeySizeInBits / 8]; - engine.crypto_kem_enc(cipher_text, sessionKey, key.GetPublicKey(), sr); - return new SecretWithEncapsulationImpl(sessionKey, cipher_text); + SikePublicKeyParameters key = (SikePublicKeyParameters)recipientKey; + SikeEngine engine = key.Parameters.Engine; + byte[] cipher_text = new byte[engine.GetCipherTextSize()]; + byte[] sessionKey = new byte[sessionKeySizeInBits / 8]; + engine.crypto_kem_enc(cipher_text, sessionKey, key.GetPublicKey(), sr); + return new SecretWithEncapsulationImpl(sessionKey, cipher_text); + } } } - -} \ No newline at end of file diff --git a/crypto/src/pqc/crypto/sike/SIKEKeyGenerationParameters.cs b/crypto/src/pqc/crypto/sike/SIKEKeyGenerationParameters.cs index 669a417b2..353587637 100644 --- a/crypto/src/pqc/crypto/sike/SIKEKeyGenerationParameters.cs +++ b/crypto/src/pqc/crypto/sike/SIKEKeyGenerationParameters.cs @@ -3,23 +3,17 @@ using Org.BouncyCastle.Security; namespace Org.BouncyCastle.Pqc.Crypto.Sike { -public class SIKEKeyGenerationParameters - : KeyGenerationParameters -{ - private SIKEParameters param; - - public SIKEKeyGenerationParameters( - SecureRandom random, - SIKEParameters sikeParameters - ) - : base(random, 256) - { - this.param = sikeParameters; - } - public SIKEParameters GetParameters() + public sealed class SikeKeyGenerationParameters + : KeyGenerationParameters { - return param; + private readonly SikeParameters m_parameters; + + public SikeKeyGenerationParameters(SecureRandom random, SikeParameters sikeParameters) + : base(random, 256) + { + m_parameters = sikeParameters; + } + + public SikeParameters Parameters => m_parameters; } } - -} \ No newline at end of file diff --git a/crypto/src/pqc/crypto/sike/SIKEKeyPairGenerator.cs b/crypto/src/pqc/crypto/sike/SIKEKeyPairGenerator.cs index 3945fe8c8..3ba67faa9 100644 --- a/crypto/src/pqc/crypto/sike/SIKEKeyPairGenerator.cs +++ b/crypto/src/pqc/crypto/sike/SIKEKeyPairGenerator.cs @@ -3,30 +3,29 @@ using Org.BouncyCastle.Security; namespace Org.BouncyCastle.Pqc.Crypto.Sike { - public class SIKEKeyPairGenerator + public sealed class SikeKeyPairGenerator : IAsymmetricCipherKeyPairGenerator { - private SIKEKeyGenerationParameters sikeParams; + private SikeKeyGenerationParameters sikeParams; private SecureRandom random; private void Initialize(KeyGenerationParameters param) { - this.sikeParams = (SIKEKeyGenerationParameters) param; + this.sikeParams = (SikeKeyGenerationParameters) param; this.random = param.Random; } private AsymmetricCipherKeyPair GenKeyPair() { - SIKEEngine engine = sikeParams.GetParameters().GetEngine(); + SikeEngine engine = sikeParams.Parameters.Engine; byte[] sk = new byte[engine.GetPrivateKeySize()]; byte[] pk = new byte[engine.GetPublicKeySize()]; engine.crypto_kem_keypair(pk, sk, random); - - SIKEPublicKeyParameters pubKey = new SIKEPublicKeyParameters(sikeParams.GetParameters(), pk); - SIKEPrivateKeyParameters privKey = new SIKEPrivateKeyParameters(sikeParams.GetParameters(), sk); + SikePublicKeyParameters pubKey = new SikePublicKeyParameters(sikeParams.Parameters, pk); + SikePrivateKeyParameters privKey = new SikePrivateKeyParameters(sikeParams.Parameters, sk); return new AsymmetricCipherKeyPair(pubKey, privKey); } @@ -40,5 +39,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike return GenKeyPair(); } } - -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sike/SIKEKeyParameters.cs b/crypto/src/pqc/crypto/sike/SIKEKeyParameters.cs index 29ef6114d..5d515eb1d 100644 --- a/crypto/src/pqc/crypto/sike/SIKEKeyParameters.cs +++ b/crypto/src/pqc/crypto/sike/SIKEKeyParameters.cs @@ -2,24 +2,17 @@ using Org.BouncyCastle.Crypto; namespace Org.BouncyCastle.Pqc.Crypto.Sike { -public class SIKEKeyParameters - : AsymmetricKeyParameter -{ - private SIKEParameters param; - - public SIKEKeyParameters( - bool isPrivate, - SIKEParameters param - ) - :base(isPrivate) + public abstract class SikeKeyParameters + : AsymmetricKeyParameter { - this.param = param; - } + private readonly SikeParameters m_parameters; - public SIKEParameters GetParameters() - { - return param; + public SikeKeyParameters(bool isPrivate, SikeParameters param) + : base(isPrivate) + { + this.m_parameters = param; + } + + public SikeParameters Parameters => m_parameters; } } - -} \ No newline at end of file diff --git a/crypto/src/pqc/crypto/sike/SIKEParameters.cs b/crypto/src/pqc/crypto/sike/SIKEParameters.cs index d687871ec..3aa332341 100644 --- a/crypto/src/pqc/crypto/sike/SIKEParameters.cs +++ b/crypto/src/pqc/crypto/sike/SIKEParameters.cs @@ -1,33 +1,30 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { -public class SIKEParameters -{ + public sealed class SikeParameters + { + public static readonly SikeParameters sikep434 = new SikeParameters(434, false, "sikep434"); + public static readonly SikeParameters sikep503 = new SikeParameters(503, false, "sikep503"); + public static readonly SikeParameters sikep610 = new SikeParameters(610, false, "sikep610"); + public static readonly SikeParameters sikep751 = new SikeParameters(751, false, "sikep751"); - public static SIKEParameters sikep434 = new SIKEParameters(434, false,"sikep434"); - public static SIKEParameters sikep503 = new SIKEParameters(503, false,"sikep503"); - public static SIKEParameters sikep610 = new SIKEParameters(610, false,"sikep610"); - public static SIKEParameters sikep751 = new SIKEParameters(751, false,"sikep751"); + public static readonly SikeParameters sikep434_compressed = new SikeParameters(434, true, "sikep434_compressed"); + public static readonly SikeParameters sikep503_compressed = new SikeParameters(503, true, "sikep503_compressed"); + public static readonly SikeParameters sikep610_compressed = new SikeParameters(610, true, "sikep610_compressed"); + public static readonly SikeParameters sikep751_compressed = new SikeParameters(751, true, "sikep751_compressed"); - public static SIKEParameters sikep434_compressed = new SIKEParameters(434, true,"sikep434_compressed"); - public static SIKEParameters sikep503_compressed = new SIKEParameters(503, true,"sikep503_compressed"); - public static SIKEParameters sikep610_compressed = new SIKEParameters(610, true,"sikep610_compressed"); - public static SIKEParameters sikep751_compressed = new SIKEParameters(751, true,"sikep751_compressed"); + private readonly string name; + private readonly SikeEngine engine; - private string name; - private SIKEEngine engine; - public SIKEParameters(int ver, bool isCompressed, string name) - { - this.name = name; - this.engine = new SIKEEngine(ver, isCompressed, null); - } + public SikeParameters(int ver, bool isCompressed, string name) + { + this.name = name; + this.engine = new SikeEngine(ver, isCompressed, null); + } - internal SIKEEngine GetEngine() - { - return engine; - } + internal SikeEngine Engine => engine; public string Name => name; + public int DefaultKeySize => (int)this.engine.GetDefaultSessionKeySize(); } - -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sike/SIKEPrivateKeyParameters.cs b/crypto/src/pqc/crypto/sike/SIKEPrivateKeyParameters.cs index e3e791e71..0666ffb72 100644 --- a/crypto/src/pqc/crypto/sike/SIKEPrivateKeyParameters.cs +++ b/crypto/src/pqc/crypto/sike/SIKEPrivateKeyParameters.cs @@ -2,26 +2,25 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Sike { -public class SIKEPrivateKeyParameters - : SIKEKeyParameters -{ - private byte[] privateKey; - - public byte[] GetPrivateKey() + public sealed class SikePrivateKeyParameters + : SikeKeyParameters { - return Arrays.Clone(privateKey); - } + private readonly byte[] privateKey; - public SIKEPrivateKeyParameters(SIKEParameters param, byte[] privateKey) - :base(true, param) - { - this.privateKey = Arrays.Clone(privateKey); - } + public SikePrivateKeyParameters(SikeParameters param, byte[] privateKey) + : base(true, param) + { + this.privateKey = Arrays.Clone(privateKey); + } - public byte[] GetEncoded() - { - return Arrays.Clone(privateKey); + public byte[] GetEncoded() + { + return Arrays.Clone(privateKey); + } + + public byte[] GetPrivateKey() + { + return Arrays.Clone(privateKey); + } } } - -} \ No newline at end of file diff --git a/crypto/src/pqc/crypto/sike/SIKEPublicKeyParameters.cs b/crypto/src/pqc/crypto/sike/SIKEPublicKeyParameters.cs index a777d7896..b567e979c 100644 --- a/crypto/src/pqc/crypto/sike/SIKEPublicKeyParameters.cs +++ b/crypto/src/pqc/crypto/sike/SIKEPublicKeyParameters.cs @@ -2,26 +2,25 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Sike { -public class SIKEPublicKeyParameters - : SIKEKeyParameters -{ - public byte[] publicKey; - - public byte[] GetPublicKey() + public sealed class SikePublicKeyParameters + : SikeKeyParameters { - return Arrays.Clone(publicKey); - } + public readonly byte[] publicKey; - public byte[] GetEncoded() - { - return GetPublicKey(); - } + public SikePublicKeyParameters(SikeParameters param, byte[] publicKey) + : base(false, param) + { + this.publicKey = Arrays.Clone(publicKey); + } - public SIKEPublicKeyParameters(SIKEParameters param, byte[] publicKey) - : base(false, param) - { - this.publicKey = Arrays.Clone(publicKey); + public byte[] GetEncoded() + { + return Arrays.Clone(publicKey); + } + + public byte[] GetPublicKey() + { + return Arrays.Clone(publicKey); + } } } - -} \ No newline at end of file diff --git a/crypto/src/pqc/crypto/sike/Utils.cs b/crypto/src/pqc/crypto/sike/SikeUtilities.cs index 013e39316..ca5ee67a0 100644 --- a/crypto/src/pqc/crypto/sike/Utils.cs +++ b/crypto/src/pqc/crypto/sike/SikeUtilities.cs @@ -1,8 +1,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike { - internal class Utils + internal static class SikeUtilities { - public static ulong[][] InitArray(uint size1, uint size2) + internal static ulong[][] InitArray(uint size1, uint size2) { ulong[][] res = new ulong[size1][]; for (int i = 0; i < size1; i++) @@ -12,8 +12,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike return res; } - - public static ulong[][][] InitArray(uint size1, uint size2, uint size3) + + internal static ulong[][][] InitArray(uint size1, uint size2, uint size3) { ulong[][][] res = new ulong[size1][][]; for (int i = 0; i < size1; i++) @@ -27,8 +27,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike return res; } - - public static ulong[][][][] InitArray(uint size1, uint size2, uint size3, uint size4) + + internal static ulong[][][][] InitArray(uint size1, uint size2, uint size3, uint size4) { ulong[][][][] res = new ulong[size1][][][]; for (int i = 0; i < size1; i++) @@ -47,4 +47,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.Sike return res; } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaSBase.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaSBase.cs index 5efafc1db..2134c5c73 100644 --- a/crypto/src/pqc/crypto/sphincsplus/HarakaSBase.cs +++ b/crypto/src/pqc/crypto/sphincsplus/HarakaSBase.cs @@ -3,6 +3,7 @@ using Org.BouncyCastle.Crypto.Utilities; using Org.BouncyCastle.Math.Raw; using Org.BouncyCastle.Utilities; +using Org.BouncyCastle.Utilities.Encoders; namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { @@ -14,6 +15,61 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus */ internal abstract class HarakaSBase { + private static readonly byte[] RC0 = Hex.DecodeStrict("0684704ce620c00ab2c5fef075817b9d"); + private static readonly byte[] RC1 = Hex.DecodeStrict("8b66b4e188f3a06b640f6ba42f08f717"); + private static readonly byte[] RC2 = Hex.DecodeStrict("3402de2d53f28498cf029d609f029114"); + private static readonly byte[] RC3 = Hex.DecodeStrict("0ed6eae62e7b4f08bbf3bcaffd5b4f79"); + private static readonly byte[] RC4 = Hex.DecodeStrict("cbcfb0cb4872448b79eecd1cbe397044"); + private static readonly byte[] RC5 = Hex.DecodeStrict("7eeacdee6e9032b78d5335ed2b8a057b"); + private static readonly byte[] RC6 = Hex.DecodeStrict("67c28f435e2e7cd0e2412761da4fef1b"); + private static readonly byte[] RC7 = Hex.DecodeStrict("2924d9b0afcacc07675ffde21fc70b3b"); + private static readonly byte[] RC8 = Hex.DecodeStrict("ab4d63f1e6867fe9ecdb8fcab9d465ee"); + private static readonly byte[] RC9 = Hex.DecodeStrict("1c30bf84d4b7cd645b2a404fad037e33"); + private static readonly byte[] RC10 = Hex.DecodeStrict("b2cc0bb9941723bf69028b2e8df69800"); + private static readonly byte[] RC11 = Hex.DecodeStrict("fa0478a6de6f55724aaa9ec85c9d2d8a"); + private static readonly byte[] RC12 = Hex.DecodeStrict("dfb49f2b6b772a120efa4f2e29129fd4"); + private static readonly byte[] RC13 = Hex.DecodeStrict("1ea10344f449a23632d611aebb6a12ee"); + private static readonly byte[] RC14 = Hex.DecodeStrict("af0449884b0500845f9600c99ca8eca6"); + private static readonly byte[] RC15 = Hex.DecodeStrict("21025ed89d199c4f78a2c7e327e593ec"); + private static readonly byte[] RC16 = Hex.DecodeStrict("bf3aaaf8a759c9b7b9282ecd82d40173"); + private static readonly byte[] RC17 = Hex.DecodeStrict("6260700d6186b01737f2efd910307d6b"); + private static readonly byte[] RC18 = Hex.DecodeStrict("5aca45c22130044381c29153f6fc9ac6"); + private static readonly byte[] RC19 = Hex.DecodeStrict("9223973c226b68bb2caf92e836d1943a"); + private static readonly byte[] RC20 = Hex.DecodeStrict("d3bf9238225886eb6cbab958e51071b4"); + private static readonly byte[] RC21 = Hex.DecodeStrict("db863ce5aef0c677933dfddd24e1128d"); + private static readonly byte[] RC22 = Hex.DecodeStrict("bb606268ffeba09c83e48de3cb2212b1"); + private static readonly byte[] RC23 = Hex.DecodeStrict("734bd3dce2e4d19c2db91a4ec72bf77d"); + private static readonly byte[] RC24 = Hex.DecodeStrict("43bb47c361301b434b1415c42cb3924e"); + private static readonly byte[] RC25 = Hex.DecodeStrict("dba775a8e707eff603b231dd16eb6899"); + private static readonly byte[] RC26 = Hex.DecodeStrict("6df3614b3c7559778e5e23027eca472c"); + private static readonly byte[] RC27 = Hex.DecodeStrict("cda75a17d6de7d776d1be5b9b88617f9"); + private static readonly byte[] RC28 = Hex.DecodeStrict("ec6b43f06ba8e9aa9d6c069da946ee5d"); + private static readonly byte[] RC29 = Hex.DecodeStrict("cb1e6950f957332ba25311593bf327c1"); + private static readonly byte[] RC30 = Hex.DecodeStrict("2cee0c7500da619ce4ed0353600ed0d9"); + private static readonly byte[] RC31 = Hex.DecodeStrict("f0b1a5a196e90cab80bbbabc63a4a350"); + private static readonly byte[] RC32 = Hex.DecodeStrict("ae3db1025e962988ab0dde30938dca39"); + private static readonly byte[] RC33 = Hex.DecodeStrict("17bb8f38d554a40b8814f3a82e75b442"); + private static readonly byte[] RC34 = Hex.DecodeStrict("34bb8a5b5f427fd7aeb6b779360a16f6"); + private static readonly byte[] RC35 = Hex.DecodeStrict("26f65241cbe5543843ce5918ffbaafde"); + private static readonly byte[] RC36 = Hex.DecodeStrict("4ce99a54b9f3026aa2ca9cf7839ec978"); + private static readonly byte[] RC37 = Hex.DecodeStrict("ae51a51a1bdff7be40c06e2822901235"); + private static readonly byte[] RC38 = Hex.DecodeStrict("a0c1613cba7ed22bc173bc0f48a659cf"); + private static readonly byte[] RC39 = Hex.DecodeStrict("756acc03022882884ad6bdfde9c59da1"); + + private static readonly byte[][] RoundConstants = + { + RC0 , RC1 , RC2 , RC3 , + RC4 , RC5 , RC6 , RC7 , + RC8 , RC9 , RC10, RC11, + RC12, RC13, RC14, RC15, + RC16, RC17, RC18, RC19, + RC20, RC21, RC22, RC23, + RC24, RC25, RC26, RC27, + RC28, RC29, RC30, RC31, + RC32, RC33, RC34, RC35, + RC36, RC37, RC38, RC39, + }; + internal ulong[][] haraka512_rc = new ulong[][]{ new ulong[]{0x24cf0ab9086f628bL, 0xbdd6eeecc83b8382L, 0xd96fb0306cdad0a7L, 0xaace082ac8f95f89L, 0x449d8e8870d7041fL, 0x49bb2f80b2b3e2f8L, 0x0569ae98d93bb258L, 0x23dc9691e7d6a4b1L}, new ulong[]{0xd8ba10ede0fe5b6eL, 0x7ecf7dbe424c7b8eL, 0x6ea9949c6df62a31L, 0xbf3f3c97ec9c313eL, 0x241d03a196a1861eL, 0xead3a51116e5a2eaL, 0x77d479fcad9574e3L, 0x18657a1af894b7a0L}, @@ -36,6 +92,23 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { this.buffer = new byte[64]; off = 0; + + byte[] buf = new byte[640]; + byte[] tmp = new byte[16]; + for (int rc = 0; rc < 40; ++rc) + { + Arrays.Reverse(RoundConstants[rc]).CopyTo(buf, rc << 4); + } + for (int round = 0; round < 10; ++round) + { + InterleaveConstant(haraka512_rc[round], buf, round << 6); + //for (int j = 0; j < 8; ++j) + //{ + // Console.Write(haraka512_rc[round][j].ToString("X") + ", "); + //} + //Console.WriteLine(); + } + //Console.WriteLine("-----"); } protected void Reset() diff --git a/crypto/src/pqc/crypto/utils/PqcUtilities.cs b/crypto/src/pqc/crypto/utils/PqcUtilities.cs index eece55e99..ac9415b06 100644 --- a/crypto/src/pqc/crypto/utils/PqcUtilities.cs +++ b/crypto/src/pqc/crypto/utils/PqcUtilities.cs @@ -1,4 +1,3 @@ -using System; using System.Collections.Generic; using Org.BouncyCastle.Asn1; @@ -27,8 +26,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities private readonly static Dictionary<PicnicParameters, DerObjectIdentifier> picnicOids = new Dictionary<PicnicParameters, DerObjectIdentifier>(); private readonly static Dictionary<DerObjectIdentifier, PicnicParameters> picnicParams = new Dictionary<DerObjectIdentifier, PicnicParameters>(); - private readonly static Dictionary<SIKEParameters, DerObjectIdentifier> sikeOids = new Dictionary<SIKEParameters, DerObjectIdentifier>(); - private readonly static Dictionary<DerObjectIdentifier, SIKEParameters> sikeParams = new Dictionary<DerObjectIdentifier, SIKEParameters>(); + private readonly static Dictionary<SikeParameters, DerObjectIdentifier> sikeOids = new Dictionary<SikeParameters, DerObjectIdentifier>(); + private readonly static Dictionary<DerObjectIdentifier, SikeParameters> sikeParams = new Dictionary<DerObjectIdentifier, SikeParameters>(); private readonly static Dictionary<KyberParameters, DerObjectIdentifier> kyberOids = new Dictionary<KyberParameters, DerObjectIdentifier>(); private readonly static Dictionary<DerObjectIdentifier, KyberParameters> kyberParams = new Dictionary<DerObjectIdentifier, KyberParameters>(); @@ -117,23 +116,23 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities picnicParams[BCObjectIdentifiers.picnicl3full] = PicnicParameters.picnicl3full; picnicParams[BCObjectIdentifiers.picnicl5full] = PicnicParameters.picnicl5full; - sikeParams[BCObjectIdentifiers.sikep434] = SIKEParameters.sikep434; - sikeParams[BCObjectIdentifiers.sikep503] = SIKEParameters.sikep503; - sikeParams[BCObjectIdentifiers.sikep610] = SIKEParameters.sikep610; - sikeParams[BCObjectIdentifiers.sikep751] = SIKEParameters.sikep751; - sikeParams[BCObjectIdentifiers.sikep434_compressed] = SIKEParameters.sikep434_compressed; - sikeParams[BCObjectIdentifiers.sikep503_compressed] = SIKEParameters.sikep503_compressed; - sikeParams[BCObjectIdentifiers.sikep610_compressed] = SIKEParameters.sikep610_compressed; - sikeParams[BCObjectIdentifiers.sikep751_compressed] = SIKEParameters.sikep751_compressed; + sikeParams[BCObjectIdentifiers.sikep434] = SikeParameters.sikep434; + sikeParams[BCObjectIdentifiers.sikep503] = SikeParameters.sikep503; + sikeParams[BCObjectIdentifiers.sikep610] = SikeParameters.sikep610; + sikeParams[BCObjectIdentifiers.sikep751] = SikeParameters.sikep751; + sikeParams[BCObjectIdentifiers.sikep434_compressed] = SikeParameters.sikep434_compressed; + sikeParams[BCObjectIdentifiers.sikep503_compressed] = SikeParameters.sikep503_compressed; + sikeParams[BCObjectIdentifiers.sikep610_compressed] = SikeParameters.sikep610_compressed; + sikeParams[BCObjectIdentifiers.sikep751_compressed] = SikeParameters.sikep751_compressed; - sikeOids[SIKEParameters.sikep434] = BCObjectIdentifiers.sikep434; - sikeOids[SIKEParameters.sikep503] = BCObjectIdentifiers.sikep503; - sikeOids[SIKEParameters.sikep610] = BCObjectIdentifiers.sikep610; - sikeOids[SIKEParameters.sikep751] = BCObjectIdentifiers.sikep751; - sikeOids[SIKEParameters.sikep434_compressed] = BCObjectIdentifiers.sikep434_compressed; - sikeOids[SIKEParameters.sikep503_compressed] = BCObjectIdentifiers.sikep503_compressed; - sikeOids[SIKEParameters.sikep610_compressed] = BCObjectIdentifiers.sikep610_compressed; - sikeOids[SIKEParameters.sikep751_compressed] = BCObjectIdentifiers.sikep751_compressed; + sikeOids[SikeParameters.sikep434] = BCObjectIdentifiers.sikep434; + sikeOids[SikeParameters.sikep503] = BCObjectIdentifiers.sikep503; + sikeOids[SikeParameters.sikep610] = BCObjectIdentifiers.sikep610; + sikeOids[SikeParameters.sikep751] = BCObjectIdentifiers.sikep751; + sikeOids[SikeParameters.sikep434_compressed] = BCObjectIdentifiers.sikep434_compressed; + sikeOids[SikeParameters.sikep503_compressed] = BCObjectIdentifiers.sikep503_compressed; + sikeOids[SikeParameters.sikep610_compressed] = BCObjectIdentifiers.sikep610_compressed; + sikeOids[SikeParameters.sikep751_compressed] = BCObjectIdentifiers.sikep751_compressed; kyberOids[KyberParameters.kyber512] = BCObjectIdentifiers.kyber512; kyberOids[KyberParameters.kyber768] = BCObjectIdentifiers.kyber768; @@ -256,12 +255,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities { return picnicParams[oid]; } - internal static DerObjectIdentifier SikeOidLookup(SIKEParameters parameters) + internal static DerObjectIdentifier SikeOidLookup(SikeParameters parameters) { return sikeOids[parameters]; } - internal static SIKEParameters SikeParamsLookup(DerObjectIdentifier oid) + internal static SikeParameters SikeParamsLookup(DerObjectIdentifier oid) { return sikeParams[oid]; } diff --git a/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs b/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs index 9d6975742..7db65dbfb 100644 --- a/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs +++ b/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs @@ -102,9 +102,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities if (algOID.On(BCObjectIdentifiers.pqc_kem_sike)) { byte[] keyEnc = Asn1OctetString.GetInstance(keyInfo.ParsePrivateKey()).GetOctets(); - SIKEParameters sikeParams = PqcUtilities.SikeParamsLookup(keyInfo.PrivateKeyAlgorithm.Algorithm); + SikeParameters sikeParams = PqcUtilities.SikeParamsLookup(keyInfo.PrivateKeyAlgorithm.Algorithm); - return new SIKEPrivateKeyParameters(sikeParams, keyEnc); + return new SikePrivateKeyParameters(sikeParams, keyEnc); } if (algOID.On(BCObjectIdentifiers.pqc_kem_bike)) { @@ -174,9 +174,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities int version = DerInteger.GetInstance(keyEnc[0]).Value.IntValue; if (version != 0) - { throw new IOException("unknown private key version: " + version); - } if (keyInfo.PublicKeyData != null) { @@ -203,39 +201,35 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities } } if (algOID.Equals(BCObjectIdentifiers.falcon_512) || algOID.Equals(BCObjectIdentifiers.falcon_1024)) - { - Asn1Sequence keyEnc = Asn1Sequence.GetInstance(keyInfo.ParsePrivateKey()); - FalconParameters spParams = PqcUtilities.FalconParamsLookup(keyInfo.PrivateKeyAlgorithm.Algorithm); + { + Asn1Sequence keyEnc = Asn1Sequence.GetInstance(keyInfo.ParsePrivateKey()); + FalconParameters spParams = PqcUtilities.FalconParamsLookup(keyInfo.PrivateKeyAlgorithm.Algorithm); - DerBitString publicKeyData = keyInfo.PublicKeyData; - int version = DerInteger.GetInstance(keyEnc[0]).Value.IntValue; - if (version != 1) - { - throw new IOException("unknown private key version: " + version); - } + DerBitString publicKeyData = keyInfo.PublicKeyData; + int version = DerInteger.GetInstance(keyEnc[0]).Value.IntValue; + if (version != 1) + throw new IOException("unknown private key version: " + version); - if (keyInfo.PublicKeyData != null) - { - //ASN1Sequence pubKey = ASN1Sequence.getInstance(keyInfo.getPublicKeyData().getOctets()); - return new FalconPrivateKeyParameters(spParams, - Asn1OctetString.GetInstance(keyEnc[1]).GetOctets(), - Asn1OctetString.GetInstance(keyEnc[2]).GetOctets(), - Asn1OctetString.GetInstance(keyEnc[3]).GetOctets(), - publicKeyData.GetOctets()); // encT1 - } - else - { - return new FalconPrivateKeyParameters(spParams, - Asn1OctetString.GetInstance(keyEnc[1]).GetOctets(), - Asn1OctetString.GetInstance(keyEnc[2]).GetOctets(), - Asn1OctetString.GetInstance(keyEnc[3]).GetOctets(), - null); - } + if (keyInfo.PublicKeyData != null) + { + //ASN1Sequence pubKey = ASN1Sequence.getInstance(keyInfo.getPublicKeyData().getOctets()); + return new FalconPrivateKeyParameters(spParams, + Asn1OctetString.GetInstance(keyEnc[1]).GetOctets(), + Asn1OctetString.GetInstance(keyEnc[2]).GetOctets(), + Asn1OctetString.GetInstance(keyEnc[3]).GetOctets(), + publicKeyData.GetOctets()); // encT1 } - - - throw new Exception("algorithm identifier in private key not recognised"); + else + { + return new FalconPrivateKeyParameters(spParams, + Asn1OctetString.GetInstance(keyEnc[1]).GetOctets(), + Asn1OctetString.GetInstance(keyEnc[2]).GetOctets(), + Asn1OctetString.GetInstance(keyEnc[3]).GetOctets(), + null); + } + } + throw new Exception("algorithm identifier in private key not recognised"); } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs b/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs index 5e09beccc..806eae8b7 100644 --- a/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs +++ b/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs @@ -5,18 +5,18 @@ using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Pqc.Asn1; +using Org.BouncyCastle.Pqc.Crypto.Bike; using Org.BouncyCastle.Pqc.Crypto.Cmce; using Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium; using Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber; using Org.BouncyCastle.Pqc.Crypto.Falcon; +using Org.BouncyCastle.Pqc.Crypto.Hqc; using Org.BouncyCastle.Pqc.Crypto.Lms; using Org.BouncyCastle.Pqc.Crypto.Picnic; using Org.BouncyCastle.Pqc.Crypto.Saber; using Org.BouncyCastle.Pqc.Crypto.Sike; -using Org.BouncyCastle.Pqc.Crypto.Bike; using Org.BouncyCastle.Pqc.Crypto.SphincsPlus; using Org.BouncyCastle.Utilities; -using Org.BouncyCastle.Pqc.Crypto.Hqc; namespace Org.BouncyCastle.Pqc.Crypto.Utilities { @@ -55,117 +55,104 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgHssLmsHashsig); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes, pubEncoding); } - if (privateKey is SphincsPlusPrivateKeyParameters) + if (privateKey is SphincsPlusPrivateKeyParameters sphincsPlusPrivateKeyParameters) { - SphincsPlusPrivateKeyParameters parameters = (SphincsPlusPrivateKeyParameters)privateKey; - - byte[] encoding = parameters.GetEncoded(); - byte[] pubEncoding = parameters.GetEncodedPublicKey(); + byte[] encoding = sphincsPlusPrivateKeyParameters.GetEncoded(); + byte[] pubEncoding = sphincsPlusPrivateKeyParameters.GetEncodedPublicKey(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.SphincsPlusOidLookup(parameters.Parameters)); + PqcUtilities.SphincsPlusOidLookup(sphincsPlusPrivateKeyParameters.Parameters)); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes, pubEncoding); } - if (privateKey is CmcePrivateKeyParameters) + if (privateKey is CmcePrivateKeyParameters cmcePrivateKeyParameters) { - CmcePrivateKeyParameters parameters = (CmcePrivateKeyParameters) privateKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = cmcePrivateKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = - new AlgorithmIdentifier(PqcUtilities.McElieceOidLookup(parameters.Parameters)); + new AlgorithmIdentifier(PqcUtilities.McElieceOidLookup(cmcePrivateKeyParameters.Parameters)); - CmcePublicKey CmcePub = new CmcePublicKey(parameters.ReconstructPublicKey()); - CmcePrivateKey CmcePriv = new CmcePrivateKey(0, parameters.Delta, parameters.C, parameters.G, - parameters.Alpha, parameters.S, CmcePub); + CmcePublicKey CmcePub = new CmcePublicKey(cmcePrivateKeyParameters.ReconstructPublicKey()); + CmcePrivateKey CmcePriv = new CmcePrivateKey(0, cmcePrivateKeyParameters.Delta, + cmcePrivateKeyParameters.C, cmcePrivateKeyParameters.G, cmcePrivateKeyParameters.Alpha, + cmcePrivateKeyParameters.S, CmcePub); return new PrivateKeyInfo(algorithmIdentifier, CmcePriv, attributes); } - if (privateKey is SaberPrivateKeyParameters) + if (privateKey is SaberPrivateKeyParameters saberPrivateKeyParameters) { - SaberPrivateKeyParameters parameters = (SaberPrivateKeyParameters)privateKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = saberPrivateKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.SaberOidLookup(parameters.Parameters)); + PqcUtilities.SaberOidLookup(saberPrivateKeyParameters.Parameters)); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes); } - if (privateKey is PicnicPrivateKeyParameters) + if (privateKey is PicnicPrivateKeyParameters picnicPrivateKeyParameters) { - PicnicPrivateKeyParameters parameters = (PicnicPrivateKeyParameters)privateKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = picnicPrivateKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.PicnicOidLookup(parameters.Parameters)); + PqcUtilities.PicnicOidLookup(picnicPrivateKeyParameters.Parameters)); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes); } - if (privateKey is SIKEPrivateKeyParameters) + if (privateKey is SikePrivateKeyParameters sikePrivateKeyParameters) { - SIKEPrivateKeyParameters parameters = (SIKEPrivateKeyParameters)privateKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = sikePrivateKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.SikeOidLookup(parameters.GetParameters())); + PqcUtilities.SikeOidLookup(sikePrivateKeyParameters.Parameters)); return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes); } - if (privateKey is FalconPrivateKeyParameters) + if (privateKey is FalconPrivateKeyParameters falconPrivateKeyParameters) { - FalconPrivateKeyParameters parameters = (FalconPrivateKeyParameters)privateKey; - Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerInteger(1)); - v.Add(new DerOctetString(parameters.GetSpolyf())); - v.Add(new DerOctetString(parameters.GetG())); - v.Add(new DerOctetString(parameters.GetSpolyF())); + v.Add(new DerOctetString(falconPrivateKeyParameters.GetSpolyf())); + v.Add(new DerOctetString(falconPrivateKeyParameters.GetG())); + v.Add(new DerOctetString(falconPrivateKeyParameters.GetSpolyF())); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.FalconOidLookup(parameters.Parameters)); + PqcUtilities.FalconOidLookup(falconPrivateKeyParameters.Parameters)); - return new PrivateKeyInfo(algorithmIdentifier, new DerSequence(v), attributes, parameters.GetPublicKey()); + return new PrivateKeyInfo(algorithmIdentifier, new DerSequence(v), attributes, + falconPrivateKeyParameters.GetPublicKey()); } - if (privateKey is KyberPrivateKeyParameters) + if (privateKey is KyberPrivateKeyParameters kyberPrivateKeyParameters) { - KyberPrivateKeyParameters parameters = (KyberPrivateKeyParameters)privateKey; - Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerInteger(0)); - v.Add(new DerOctetString(parameters.S)); - v.Add(new DerOctetString(parameters.Hpk)); - v.Add(new DerOctetString(parameters.Nonce)); + v.Add(new DerOctetString(kyberPrivateKeyParameters.S)); + v.Add(new DerOctetString(kyberPrivateKeyParameters.Hpk)); + v.Add(new DerOctetString(kyberPrivateKeyParameters.Nonce)); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.KyberOidLookup(parameters.Parameters)); + PqcUtilities.KyberOidLookup(kyberPrivateKeyParameters.Parameters)); Asn1EncodableVector vPub = new Asn1EncodableVector(); - vPub.Add(new DerOctetString(parameters.T)); - vPub.Add(new DerOctetString(parameters.Rho)); + vPub.Add(new DerOctetString(kyberPrivateKeyParameters.T)); + vPub.Add(new DerOctetString(kyberPrivateKeyParameters.Rho)); - return new PrivateKeyInfo(algorithmIdentifier, new DerSequence(v), attributes, new DerSequence(vPub).GetEncoded()); + return new PrivateKeyInfo(algorithmIdentifier, new DerSequence(v), attributes, + new DerSequence(vPub).GetEncoded()); } - if (privateKey is DilithiumPrivateKeyParameters) + if (privateKey is DilithiumPrivateKeyParameters dilithiumPrivateKeyParameters) { - DilithiumPrivateKeyParameters parameters = (DilithiumPrivateKeyParameters)privateKey; - Asn1EncodableVector v = new Asn1EncodableVector(); v.Add(new DerInteger(0)); - v.Add(new DerBitString(parameters.Rho)); - v.Add(new DerBitString(parameters.K)); - v.Add(new DerBitString(parameters.Tr)); - v.Add(new DerBitString(parameters.S1)); - v.Add(new DerBitString(parameters.S2)); - v.Add(new DerBitString(parameters.T0)); + v.Add(new DerBitString(dilithiumPrivateKeyParameters.Rho)); + v.Add(new DerBitString(dilithiumPrivateKeyParameters.K)); + v.Add(new DerBitString(dilithiumPrivateKeyParameters.Tr)); + v.Add(new DerBitString(dilithiumPrivateKeyParameters.S1)); + v.Add(new DerBitString(dilithiumPrivateKeyParameters.S2)); + v.Add(new DerBitString(dilithiumPrivateKeyParameters.T0)); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.DilithiumOidLookup(parameters.Parameters)); + PqcUtilities.DilithiumOidLookup(dilithiumPrivateKeyParameters.Parameters)); Asn1EncodableVector vPub = new Asn1EncodableVector(); - vPub.Add(new DerOctetString(parameters.Rho)); - vPub.Add(new DerOctetString(parameters.T1)); + vPub.Add(new DerOctetString(dilithiumPrivateKeyParameters.Rho)); + vPub.Add(new DerOctetString(dilithiumPrivateKeyParameters.T1)); return new PrivateKeyInfo(algorithmIdentifier, new DerSequence(v), attributes, new DerSequence(vPub).GetEncoded()); diff --git a/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs b/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs index 08dbaf507..db68387f3 100644 --- a/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs +++ b/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs @@ -242,9 +242,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities { byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets(); - SIKEParameters sikeParams = PqcUtilities.SikeParamsLookup(keyInfo.AlgorithmID.Algorithm); + SikeParameters sikeParams = PqcUtilities.SikeParamsLookup(keyInfo.AlgorithmID.Algorithm); - return new SIKEPublicKeyParameters(sikeParams, keyEnc); + return new SikePublicKeyParameters(sikeParams, keyEnc); } } private class DilithiumConverter @@ -349,4 +349,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities } } } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/utils/SecretWithEncapsulationImpl.cs b/crypto/src/pqc/crypto/utils/SecretWithEncapsulationImpl.cs index 17057ebfd..c4d3eb44f 100644 --- a/crypto/src/pqc/crypto/utils/SecretWithEncapsulationImpl.cs +++ b/crypto/src/pqc/crypto/utils/SecretWithEncapsulationImpl.cs @@ -1,59 +1,59 @@ using System; + using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Utilities { public class SecretWithEncapsulationImpl - : ISecretWithEncapsulation - { - private volatile bool hasBeenDestroyed = false; + : ISecretWithEncapsulation + { + private volatile bool hasBeenDestroyed = false; - private byte[] sessionKey; - private byte[] cipher_text; + private byte[] sessionKey; + private byte[] cipher_text; - public SecretWithEncapsulationImpl(byte[] sessionKey, byte[] cipher_text) - { - this.sessionKey = sessionKey; - this.cipher_text = cipher_text; - } + public SecretWithEncapsulationImpl(byte[] sessionKey, byte[] cipher_text) + { + this.sessionKey = sessionKey; + this.cipher_text = cipher_text; + } - public byte[] GetSecret() - { - CheckDestroyed(); + public byte[] GetSecret() + { + CheckDestroyed(); - return Arrays.Clone(sessionKey); - } + return Arrays.Clone(sessionKey); + } - public byte[] GetEncapsulation() - { - CheckDestroyed(); + public byte[] GetEncapsulation() + { + CheckDestroyed(); - return Arrays.Clone(cipher_text); - } + return Arrays.Clone(cipher_text); + } - public void Dispose() + public void Dispose() + { + if (!hasBeenDestroyed) { - if (!hasBeenDestroyed) - { - hasBeenDestroyed = true; - Arrays.Clear(sessionKey); - Arrays.Clear(cipher_text); - } + hasBeenDestroyed = true; + Arrays.Clear(sessionKey); + Arrays.Clear(cipher_text); } + } - public bool IsDestroyed() - { - return hasBeenDestroyed; - } + public bool IsDestroyed() + { + return hasBeenDestroyed; + } - void CheckDestroyed() + void CheckDestroyed() + { + if (IsDestroyed()) { - if (IsDestroyed()) - { - throw new Exception("data has been destroyed"); - } + throw new Exception("data has been destroyed"); } } - -} \ No newline at end of file + } +} diff --git a/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs b/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs index 4c527d283..39d437320 100644 --- a/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs +++ b/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs @@ -4,7 +4,6 @@ using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Math; using Org.BouncyCastle.Pqc.Asn1; using Org.BouncyCastle.Pqc.Crypto.Bike; using Org.BouncyCastle.Pqc.Crypto.Cmce; @@ -21,7 +20,6 @@ using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Utilities { - /// <summary> /// A factory to produce Public Key Info Objects. /// </summary> @@ -55,90 +53,74 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgHssLmsHashsig); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerOctetString(encoding)); } - if (publicKey is SphincsPlusPublicKeyParameters) + if (publicKey is SphincsPlusPublicKeyParameters sphincsPlusPublicKeyParameters) { - SphincsPlusPublicKeyParameters parameters = (SphincsPlusPublicKeyParameters)publicKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = sphincsPlusPublicKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.SphincsPlusOidLookup(parameters.Parameters)); + PqcUtilities.SphincsPlusOidLookup(sphincsPlusPublicKeyParameters.Parameters)); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerOctetString(encoding)); } - if (publicKey is CmcePublicKeyParameters) + if (publicKey is CmcePublicKeyParameters cmcePublicKeyParameters) { - CmcePublicKeyParameters key = (CmcePublicKeyParameters)publicKey; - - byte[] encoding = key.GetEncoded(); + byte[] encoding = cmcePublicKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.McElieceOidLookup(key.Parameters)); + PqcUtilities.McElieceOidLookup(cmcePublicKeyParameters.Parameters)); // https://datatracker.ietf.org/doc/draft-uni-qsckeys/ return new SubjectPublicKeyInfo(algorithmIdentifier, new CmcePublicKey(encoding)); } - if (publicKey is SaberPublicKeyParameters) + if (publicKey is SaberPublicKeyParameters saberPublicKeyParameters) { - SaberPublicKeyParameters parameters = (SaberPublicKeyParameters)publicKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = saberPublicKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.SaberOidLookup(parameters.Parameters)); + PqcUtilities.SaberOidLookup(saberPublicKeyParameters.Parameters)); // https://datatracker.ietf.org/doc/draft-uni-qsckeys/ return new SubjectPublicKeyInfo(algorithmIdentifier, new DerSequence(new DerOctetString(encoding))); } - if (publicKey is PicnicPublicKeyParameters) + if (publicKey is PicnicPublicKeyParameters picnicPublicKeyParameters) { - PicnicPublicKeyParameters parameters = (PicnicPublicKeyParameters)publicKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = picnicPublicKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.PicnicOidLookup(parameters.Parameters)); + PqcUtilities.PicnicOidLookup(picnicPublicKeyParameters.Parameters)); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerOctetString(encoding)); } - if (publicKey is SIKEPublicKeyParameters) + if (publicKey is SikePublicKeyParameters sikePublicKeyParameters) { - SIKEPublicKeyParameters parameters = (SIKEPublicKeyParameters)publicKey; - - byte[] encoding = parameters.GetEncoded(); + byte[] encoding = sikePublicKeyParameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.SikeOidLookup(parameters.GetParameters())); + PqcUtilities.SikeOidLookup(sikePublicKeyParameters.Parameters)); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerOctetString(encoding)); } - if (publicKey is FalconPublicKeyParameters) + if (publicKey is FalconPublicKeyParameters falconPublicKeyParameters) { - FalconPublicKeyParameters parameters = (FalconPublicKeyParameters)publicKey; + byte[] encoding = falconPublicKeyParameters.GetEncoded(); - byte[] encoding = parameters.GetEncoded(); AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.FalconOidLookup(parameters.Parameters)); - + PqcUtilities.FalconOidLookup(falconPublicKeyParameters.Parameters)); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerSequence(new DerOctetString(encoding))); } - if (publicKey is KyberPublicKeyParameters) + if (publicKey is KyberPublicKeyParameters kyberPublicKeyParameters) { - KyberPublicKeyParameters parameters = (KyberPublicKeyParameters)publicKey; - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.KyberOidLookup(parameters.Parameters)); + PqcUtilities.KyberOidLookup(kyberPublicKeyParameters.Parameters)); Asn1EncodableVector v = new Asn1EncodableVector(); - v.Add(new DerOctetString(parameters.T)); - v.Add(new DerOctetString(parameters.Rho)); + v.Add(new DerOctetString(kyberPublicKeyParameters.T)); + v.Add(new DerOctetString(kyberPublicKeyParameters.Rho)); return new SubjectPublicKeyInfo(algorithmIdentifier, new DerSequence(v)); } - if (publicKey is DilithiumPublicKeyParameters) + if (publicKey is DilithiumPublicKeyParameters dilithiumPublicKeyParameters) { - DilithiumPublicKeyParameters parameters = (DilithiumPublicKeyParameters)publicKey; - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier( - PqcUtilities.DilithiumOidLookup(parameters.Parameters)); + PqcUtilities.DilithiumOidLookup(dilithiumPublicKeyParameters.Parameters)); return new SubjectPublicKeyInfo(algorithmIdentifier, - new DerOctetString(Arrays.Concatenate(parameters.Rho, parameters.T1))); + new DerOctetString(Arrays.Concatenate(dilithiumPublicKeyParameters.Rho, dilithiumPublicKeyParameters.T1))); } if (publicKey is BikePublicKeyParameters bikePublicKeyParameters) { @@ -160,37 +142,5 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities throw new ArgumentException("Class provided no convertible: " + Platform.GetTypeName(publicKey)); } - - private static void ExtractBytes( - byte[] encKey, - int offset, - BigInteger bI) - { - byte[] val = bI.ToByteArray(); - int n = (bI.BitLength + 7) / 8; - - for (int i = 0; i < n; ++i) - { - encKey[offset + i] = val[val.Length - 1 - i]; - } - } - - - private static void ExtractBytes(byte[] encKey, int size, int offSet, BigInteger bI) - { - byte[] val = bI.ToByteArray(); - if (val.Length < size) - { - byte[] tmp = new byte[size]; - Array.Copy(val, 0, tmp, tmp.Length - val.Length, val.Length); - val = tmp; - } - - for (int i = 0; i != size; i++) - { - encKey[offSet + i] = val[val.Length - 1 - i]; - } - } - } -} \ No newline at end of file +} diff --git a/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs b/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs index 0643120bf..e5f4d90ba 100644 --- a/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs +++ b/crypto/test/src/pqc/crypto/test/SikeVectorTest.cs @@ -16,16 +16,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests [TestFixture] public class SikeVectorTest { - private static readonly Dictionary<string, SIKEParameters> Parameters = new Dictionary<string, SIKEParameters>() + private static readonly Dictionary<string, SikeParameters> Parameters = new Dictionary<string, SikeParameters>() { - { "PQCkemKAT_374.rsp" , SIKEParameters.sikep434 }, - { "PQCkemKAT_434.rsp" , SIKEParameters.sikep503 }, - { "PQCkemKAT_524.rsp" , SIKEParameters.sikep610 }, - { "PQCkemKAT_644.rsp" , SIKEParameters.sikep751 }, - { "PQCkemKAT_350.rsp" , SIKEParameters.sikep434_compressed }, - { "PQCkemKAT_407.rsp" , SIKEParameters.sikep503_compressed }, - { "PQCkemKAT_491.rsp" , SIKEParameters.sikep610_compressed }, - { "PQCkemKAT_602.rsp" , SIKEParameters.sikep751_compressed }, + { "PQCkemKAT_374.rsp" , SikeParameters.sikep434 }, + { "PQCkemKAT_434.rsp" , SikeParameters.sikep503 }, + { "PQCkemKAT_524.rsp" , SikeParameters.sikep610 }, + { "PQCkemKAT_644.rsp" , SikeParameters.sikep751 }, + { "PQCkemKAT_350.rsp" , SikeParameters.sikep434_compressed }, + { "PQCkemKAT_407.rsp" , SikeParameters.sikep503_compressed }, + { "PQCkemKAT_491.rsp" , SikeParameters.sikep610_compressed }, + { "PQCkemKAT_602.rsp" , SikeParameters.sikep751_compressed }, }; private static readonly string[] TestVectorFilesBasic = @@ -68,10 +68,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests byte[] ss = Hex.Decode(buf["ss"]); // session key NistSecureRandom random = new NistSecureRandom(seed, null); - SIKEParameters SIKEParameters = Parameters[name]; + SikeParameters SIKEParameters = Parameters[name]; - SIKEKeyPairGenerator kpGen = new SIKEKeyPairGenerator(); - SIKEKeyGenerationParameters genParams = new SIKEKeyGenerationParameters(random, SIKEParameters); + SikeKeyPairGenerator kpGen = new SikeKeyPairGenerator(); + SikeKeyGenerationParameters genParams = new SikeKeyGenerationParameters(random, SIKEParameters); // // Generate keys and test. @@ -80,9 +80,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair(); // todo - SIKEPublicKeyParameters pubParams = (SIKEPublicKeyParameters)PublicKeyFactory.CreateKey( + SikePublicKeyParameters pubParams = (SikePublicKeyParameters)PublicKeyFactory.CreateKey( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public)); - SIKEPrivateKeyParameters privParams = (SIKEPrivateKeyParameters)PrivateKeyFactory.CreateKey( + SikePrivateKeyParameters privParams = (SikePrivateKeyParameters)PrivateKeyFactory.CreateKey( PrivateKeyInfoFactory.CreatePrivateKeyInfo(kp.Private)); // SIKEPublicKeyParameters pubParams = (SIKEPublicKeyParameters)kp.Public; @@ -94,7 +94,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests Assert.True(Arrays.AreEqual(sk, privParams.GetEncoded()), name + " " + count + ": secret key"); // KEM Enc - SIKEKEMGenerator sikeEncCipher = new SIKEKEMGenerator(random); + SikeKemGenerator sikeEncCipher = new SikeKemGenerator(random); ISecretWithEncapsulation secWenc = sikeEncCipher.GenerateEncapsulated(pubParams); byte[] generated_cipher_text = secWenc.GetEncapsulation(); @@ -110,7 +110,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests Assert.True(Arrays.AreEqual(ss, secret), name + " " + count + ": kem_enc key"); // KEM Dec - SIKEKEMExtractor sikeDecCipher = new SIKEKEMExtractor(privParams); + SikeKemExtractor sikeDecCipher = new SikeKemExtractor(privParams); byte[] dec_key = sikeDecCipher.ExtractSecret(generated_cipher_text); |