authorDavid Hook <dgh@cryptoworkshop.com>2022-07-10 13:22:08 +1000
committerDavid Hook <dgh@cryptoworkshop.com>2022-07-10 13:22:08 +1000
commit76dc4973f7a0909fecb1da101f28e91911fabe77 (patch)
treeaf2b41ef4787199de490f7a2d791d035b111713f
parentadded Oracle PKCS12 trusted certificate usage oid (diff)
parentthread safety fix (diff)
downloadBouncyCastle.NET-ed25519-76dc4973f7a0909fecb1da101f28e91911fabe77.tar.xz
Merge remote-tracking branch 'refs/remotes/origin/master'
-rw-r--r--crypto/src/pqc/crypto/picnic/PicnicEngine.cs4
-rw-r--r--crypto/src/pqc/crypto/picnic/PicnicParameters.cs12
-rw-r--r--crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs2
-rw-r--r--crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs149
-rw-r--r--crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs2
-rw-r--r--crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs2
-rw-r--r--crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs4
7 files changed, 123 insertions, 52 deletions
diff --git a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs
index 57e3a005d..95a7a00d2 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs
@@ -32,7 +32,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
         protected internal int numMPCParties; // N
         protected internal int seedSizeBytes;
         protected internal int digestSizeBytes;
-        static int pqSecurityLevel;
+        protected internal int pqSecurityLevel;
 
 
 
@@ -1403,7 +1403,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 
                 if (!SubarrayEquals(temp, pubKey, stateSizeWords))
                 {
-                    Console.Error.Write("Simulation failed; output does not match public key (round = %d)\n", k);
+                    Console.Error.WriteLine("Simulation failed; output does not match public key (round = " + k + ")");
                     return -1;
                 }
 
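Review bot: The failure path still writes directly to Console.Error, so a library consumer gets diagnostic text on stderr that it cannot route or suppress, while the `return -1;` on the next line already reports the mismatch to the caller. Dropping the write, or at least keeping it out of the verification path, is the cleaner choice for a crypto library; if the message stays, `Console.Error.WriteLine($"Simulation failed; output does not match public key (round = {k})");` reads better than concatenation. The enclosing method starts and ends outside the hunk.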
diff --git a/crypto/src/pqc/crypto/picnic/PicnicParameters.cs b/crypto/src/pqc/crypto/picnic/PicnicParameters.cs
index ed03e92c7..ed2030054 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicParameters.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicParameters.cs
@@ -21,13 +21,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
         public static PicnicParameters picnicl5full = new PicnicParameters("picnicl5full", 12);
 
         private String name;
-        private PicnicEngine engine;
-
-        //todo make private
-        public PicnicParameters(String name, int param)
+        private int param;
+        private PicnicParameters(String name, int param)
         {
             this.name = name;
-            this.engine = new PicnicEngine(param);
+            this.param = param;
         }
 
         public String GetName()
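Review bot: `name` and `param` are assigned only in the now-private constructor but are not marked `readonly`; `private readonly String name;` and `private readonly int param;` would state to the compiler that a PicnicParameters instance is immutable and therefore safe to share. Nothing in the hunk assigns these fields elsewhere, though the rest of the class is outside it. The class body continues past the hunk.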
@@ -35,9 +33,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
             return name;
         }
 
-        public PicnicEngine GetEngine()
+        internal PicnicEngine GetEngine()
         {
-            return engine;
+            return new PicnicEngine(param);
         }
     }
 }
\ No newline at end of file
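Review bot: `GetEngine()` now constructs a fresh PicnicEngine on every call, which is the behaviour the 'thread safety fix' parent of this merge depends on, but nothing at the method says so. A comment such as `// Returns a new engine per call; engine instances must not be shared between callers` would stop a later "optimisation" from caching the instance again. The file is also missing its trailing newline.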
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs
index 2391b3414..9e5724027 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs
@@ -18,7 +18,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 
         public AsymmetricCipherKeyPair GenerateKeyPair()
         {
-            SPHINCSPlusEngine engine = parameters.Engine;
+            SPHINCSPlusEngine engine = parameters.GetEngine();
 
             SK sk = new SK(SecRand(engine.N), SecRand(engine.N));
             byte[] pkSeed = SecRand(engine.N);
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs
index b99df864f..3faaca896 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs
@@ -4,81 +4,91 @@ using Org.BouncyCastle.Crypto.Utilities;
 
 namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 {
+    interface ISPHINCSPlusEngineProvider
+    {
+        int N
+        {
+            get;
+        }
+
+        SPHINCSPlusEngine Get();
+    }
+
     public class SPHINCSPlusParameters
     {
         public static SPHINCSPlusParameters sha2_128f = new SPHINCSPlusParameters("sha2-128f-robust",
-            new SPHINCSPlusEngine.Sha2Engine(true, 16, 16, 22, 6, 33, 66));
+            new Sha2EngineProvider(true, 16, 16, 22, 6, 33, 66));
 
         public static SPHINCSPlusParameters sha2_128s = new SPHINCSPlusParameters("sha2-128s-robust",
-            new SPHINCSPlusEngine.Sha2Engine(true, 16, 16, 7, 12, 14, 63));
+            new Sha2EngineProvider(true, 16, 16, 7, 12, 14, 63));
 
         public static SPHINCSPlusParameters sha2_192f = new SPHINCSPlusParameters("sha2-192f-robust",
-            new SPHINCSPlusEngine.Sha2Engine(true, 24, 16, 22, 8, 33, 66));
+            new Sha2EngineProvider(true, 24, 16, 22, 8, 33, 66));
 
         public static SPHINCSPlusParameters sha2_192s = new SPHINCSPlusParameters("sha2-192s-robust",
-            new SPHINCSPlusEngine.Sha2Engine(true, 24, 16, 7, 14, 17, 63));
+            new Sha2EngineProvider(true, 24, 16, 7, 14, 17, 63));
 
         public static SPHINCSPlusParameters sha2_256f = new SPHINCSPlusParameters("sha2-256f-robust",
-            new SPHINCSPlusEngine.Sha2Engine(true, 32, 16, 17, 9, 35, 68));
+            new Sha2EngineProvider(true, 32, 16, 17, 9, 35, 68));
 
         public static SPHINCSPlusParameters sha2_256s = new SPHINCSPlusParameters("sha2-256s-robust",
-            new SPHINCSPlusEngine.Sha2Engine(true, 32, 16, 8, 14, 22, 64));
+            new Sha2EngineProvider(true, 32, 16, 8, 14, 22, 64));
 
         public static SPHINCSPlusParameters sha2_128f_simple = new SPHINCSPlusParameters("sha2-128f-simple",
-            new SPHINCSPlusEngine.Sha2Engine(false, 16, 16, 22, 6, 33, 66));
+            new Sha2EngineProvider(false, 16, 16, 22, 6, 33, 66));
 
         public static SPHINCSPlusParameters sha2_128s_simple = new SPHINCSPlusParameters("sha2-128s-simple",
-            new SPHINCSPlusEngine.Sha2Engine(false, 16, 16, 7, 12, 14, 63));
+            new Sha2EngineProvider(false, 16, 16, 7, 12, 14, 63));
 
         public static SPHINCSPlusParameters sha2_192f_simple = new SPHINCSPlusParameters("sha2-192f-simple",
-            new SPHINCSPlusEngine.Sha2Engine(false, 24, 16, 22, 8, 33, 66));
+            new Sha2EngineProvider(false, 24, 16, 22, 8, 33, 66));
 
         public static SPHINCSPlusParameters sha2_192s_simple = new SPHINCSPlusParameters("sha2-192s-simple",
-            new SPHINCSPlusEngine.Sha2Engine(false, 24, 16, 7, 14, 17, 63));
+            new Sha2EngineProvider(false, 24, 16, 7, 14, 17, 63));
 
         public static SPHINCSPlusParameters sha2_256f_simple = new SPHINCSPlusParameters("sha2-256f-simple",
-            new SPHINCSPlusEngine.Sha2Engine(false, 32, 16, 17, 9, 35, 68));
+            new Sha2EngineProvider(false, 32, 16, 17, 9, 35, 68));
 
         public static SPHINCSPlusParameters sha2_256s_simple = new SPHINCSPlusParameters("sha2-256s-simple",
-            new SPHINCSPlusEngine.Sha2Engine(false, 32, 16, 8, 14, 22, 64));
+            new Sha2EngineProvider(false, 32, 16, 8, 14, 22, 64));
 
         // SHAKE-256.
 
         public static SPHINCSPlusParameters shake_128f = new SPHINCSPlusParameters("shake-128f-robust",
-            new SPHINCSPlusEngine.Shake256Engine(true, 16, 16, 22, 6, 33, 66));
+            new Shake256EngineProvider(true, 16, 16, 22, 6, 33, 66));
 
         public static SPHINCSPlusParameters shake_128s = new SPHINCSPlusParameters("shake-128s-robust",
-            new SPHINCSPlusEngine.Shake256Engine(true, 16, 16, 7, 12, 14, 63));
+            new Shake256EngineProvider(true, 16, 16, 7, 12, 14, 63));
 
         public static SPHINCSPlusParameters shake_192f = new SPHINCSPlusParameters("shake-192f-robust",
-            new SPHINCSPlusEngine.Shake256Engine(true, 24, 16, 22, 8, 33, 66));
+            new Shake256EngineProvider(true, 24, 16, 22, 8, 33, 66));
 
         public static SPHINCSPlusParameters shake_192s = new SPHINCSPlusParameters("shake-192s-robust",
-            new SPHINCSPlusEngine.Shake256Engine(true, 24, 16, 7, 14, 17, 63));
+            new Shake256EngineProvider(true, 24, 16, 7, 14, 17, 63));
 
         public static SPHINCSPlusParameters shake_256f = new SPHINCSPlusParameters("shake-256f-robust",
-            new SPHINCSPlusEngine.Shake256Engine(true, 32, 16, 17, 9, 35, 68));
+            new Shake256EngineProvider(true, 32, 16, 17, 9, 35, 68));
 
         public static SPHINCSPlusParameters shake_256s = new SPHINCSPlusParameters("shake-256s-robust",
-            new SPHINCSPlusEngine.Shake256Engine(true, 32, 16, 8, 14, 22, 64));
+            new Shake256EngineProvider(true, 32, 16, 8, 14, 22, 64));
 
         public static SPHINCSPlusParameters shake_128f_simple = new SPHINCSPlusParameters("shake-128f-simple",
-            new SPHINCSPlusEngine.Shake256Engine(false, 16, 16, 22, 6, 33, 66));
+            new Shake256EngineProvider(false, 16, 16, 22, 6, 33, 66));
 
         public static SPHINCSPlusParameters shake_128s_simple = new SPHINCSPlusParameters("shake-128s-simple",
-            new SPHINCSPlusEngine.Shake256Engine(false, 16, 16, 7, 12, 14, 63));
+            new Shake256EngineProvider(false, 16, 16, 7, 12, 14, 63));
 
         public static SPHINCSPlusParameters shake_192f_simple = new SPHINCSPlusParameters("shake-192f-simple",
-            new SPHINCSPlusEngine.Shake256Engine(false, 24, 16, 22, 8, 33, 66));
+            new Shake256EngineProvider(false, 24, 16, 22, 8, 33, 66));
 
         public static SPHINCSPlusParameters shake_192s_simple = new SPHINCSPlusParameters("shake-192s-simple",
-            new SPHINCSPlusEngine.Shake256Engine(false, 24, 16, 7, 14, 17, 63));
+            new Shake256EngineProvider(false, 24, 16, 7, 14, 17, 63));
 
         public static SPHINCSPlusParameters shake_256f_simple = new SPHINCSPlusParameters("shake-256f-simple",
-            new SPHINCSPlusEngine.Shake256Engine(false, 32, 16, 17, 9, 35, 68));
+            new Shake256EngineProvider(false, 32, 16, 17, 9, 35, 68));
 
         public static SPHINCSPlusParameters shake_256s_simple = new SPHINCSPlusParameters("shake-256s-simple",
-            new SPHINCSPlusEngine.Shake256Engine(false, 32, 16, 8, 14, 22, 64));
+            new Shake256EngineProvider(false, 32, 16, 8, 14, 22, 64));
 
         private static uint sphincsPlus_sha2_128f_robust = 0x010101;
         private static uint sphincsPlus_sha2_128s_robust = 0x010102;
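Review bot: `ISPHINCSPlusEngineProvider` (and the two provider classes added at the end of the file) is declared without an access modifier and so defaults to `internal`; writing `internal interface ISPHINCSPlusEngineProvider` explicitly matches the explicit `internal` on `GetEngine()` and makes the intent visible. A one-line summary on the interface, e.g. `// Supplies a fresh SPHINCSPlusEngine on each Get() so no engine instance is shared between callers`, would record why the parameter sets no longer hold an engine directly. The `public static` parameter fields this hunk edits remain non-readonly; that is pre-existing, but `public static readonly` would close off accidental reassignment of a shared parameter set.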
@@ -86,21 +96,21 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
         private static uint sphincsPlus_sha2_192s_robust = 0x010104;
         private static uint sphincsPlus_sha2_256f_robust = 0x010105;
         private static uint sphincsPlus_sha2_256s_robust = 0x010106;
-        
+
         private static uint sphincsPlus_sha2_128f_simple = 0x010201;
         private static uint sphincsPlus_sha2_128s_simple = 0x010202;
         private static uint sphincsPlus_sha2_192f_simple = 0x010203;
         private static uint sphincsPlus_sha2_192s_simple = 0x010204;
         private static uint sphincsPlus_sha2_256f_simple = 0x010205;
         private static uint sphincsPlus_sha2_256s_simple = 0x010206;
-        
+
         private static uint sphincsPlus_shake_128f_robust = 0x020101;
         private static uint sphincsPlus_shake_128s_robust = 0x020102;
         private static uint sphincsPlus_shake_192f_robust = 0x020103;
         private static uint sphincsPlus_shake_192s_robust = 0x020104;
         private static uint sphincsPlus_shake_256f_robust = 0x020105;
         private static uint sphincsPlus_shake_256s_robust = 0x020106;
-        
+
         private static uint sphincsPlus_shake_128f_simple = 0x020201;
         private static uint sphincsPlus_shake_128s_simple = 0x020202;
         private static uint sphincsPlus_shake_192f_simple = 0x020203;
@@ -155,12 +165,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
             paramsToOid[SPHINCSPlusParameters.sha2_256f_simple] = sphincsPlus_sha2_256f_simple;
             paramsToOid[SPHINCSPlusParameters.sha2_256s_simple] = sphincsPlus_sha2_256s_simple;
 
-            paramsToOid[SPHINCSPlusParameters.shake_128f] =  sphincsPlus_shake_128f_robust;
-            paramsToOid[SPHINCSPlusParameters.shake_128s] =  sphincsPlus_shake_128s_robust;
-            paramsToOid[SPHINCSPlusParameters.shake_192f] =  sphincsPlus_shake_192f_robust;
-            paramsToOid[SPHINCSPlusParameters.shake_192s] =  sphincsPlus_shake_192s_robust;
-            paramsToOid[SPHINCSPlusParameters.shake_256f] =  sphincsPlus_shake_256f_robust;
-            paramsToOid[SPHINCSPlusParameters.shake_256s] =  sphincsPlus_shake_256s_robust;
+            paramsToOid[SPHINCSPlusParameters.shake_128f] = sphincsPlus_shake_128f_robust;
+            paramsToOid[SPHINCSPlusParameters.shake_128s] = sphincsPlus_shake_128s_robust;
+            paramsToOid[SPHINCSPlusParameters.shake_192f] = sphincsPlus_shake_192f_robust;
+            paramsToOid[SPHINCSPlusParameters.shake_192s] = sphincsPlus_shake_192s_robust;
+            paramsToOid[SPHINCSPlusParameters.shake_256f] = sphincsPlus_shake_256f_robust;
+            paramsToOid[SPHINCSPlusParameters.shake_256s] = sphincsPlus_shake_256s_robust;
 
             paramsToOid[SPHINCSPlusParameters.shake_128f_simple] = sphincsPlus_shake_128f_simple;
             paramsToOid[SPHINCSPlusParameters.shake_128s_simple] = sphincsPlus_shake_128s_simple;
@@ -171,17 +181,22 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
         }
 
         private String name;
-        private SPHINCSPlusEngine engine;
+        private ISPHINCSPlusEngineProvider engineProvider;
 
-        private SPHINCSPlusParameters(String name, SPHINCSPlusEngine engine)
+        private SPHINCSPlusParameters(String name, ISPHINCSPlusEngineProvider engineProvider)
         {
             this.name = name;
-            this.engine = engine;
+            this.engineProvider = engineProvider;
         }
 
         public String Name => name;
 
-        internal SPHINCSPlusEngine Engine => engine;
+        internal int N => engineProvider.N;
+
+        internal SPHINCSPlusEngine GetEngine()
+        {
+            return engineProvider.Get();
+        }
 
         /**
          * Return the SPHINCS+ parameters that map to the passed in parameter ID.
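Review bot: `engineProvider` is only assigned in the private constructor and could be `private readonly ISPHINCSPlusEngineProvider engineProvider;`, matching the `readonly` fields of the provider classes the same file adds. `GetEngine()` also lacks the `/** ... */` comment its neighbour `GetParams` carries; a note that it returns a new engine on every call and that callers should hold it only for the duration of one operation would be useful here. `N` is derived from the provider without constructing an engine, which is the right choice for the key-length checks in the key-parameter constructors.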
@@ -191,7 +206,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
          */
         public static SPHINCSPlusParameters GetParams(uint id)
         {
-            return (SPHINCSPlusParameters) oidToParams[id];
+            return (SPHINCSPlusParameters)oidToParams[id];
         }
 
         /**
@@ -210,4 +225,62 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
             return Pack.UInt32_To_BE(GetID(this));
         }
     }
+
+    class Sha2EngineProvider : ISPHINCSPlusEngineProvider
+    {
+        private readonly bool robust;
+        private readonly int n;
+        private readonly uint w;
+        private readonly uint d;
+        private readonly int a;
+        private readonly int k;
+        private readonly uint h;
+        
+        internal Sha2EngineProvider(bool robust, int n, uint w, uint d, int a, int k, uint h)
+        {
+            this.robust = robust;
+            this.n = n;
+            this.w = w;
+            this.d = d;
+            this.a = a;
+            this.k = k;
+            this.h = h;
+        }
+
+        public int N => this.n;
+
+        public SPHINCSPlusEngine Get()
+        {
+            return new SPHINCSPlusEngine.Sha2Engine(robust, n, w, d, a, k, h);
+        }
+    }
+
+    class Shake256EngineProvider : ISPHINCSPlusEngineProvider
+    {
+        private readonly bool robust;
+        private readonly int n;
+        private readonly uint w;
+        private readonly uint d;
+        private readonly int a;
+        private readonly int k;
+        private readonly uint h;
+
+        internal Shake256EngineProvider(bool robust, int n, uint w, uint d, int a, int k, uint h)
+        {
+            this.robust = robust;
+            this.n = n;
+            this.w = w;
+            this.d = d;
+            this.a = a;
+            this.k = k;
+            this.h = h;
+        }
+
+        public int N => this.n;
+
+        public SPHINCSPlusEngine Get()
+        {
+            return new SPHINCSPlusEngine.Shake256Engine(robust, n, w, d, a, k, h);
+        }
+    }
 }
\ No newline at end of file
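Review bot: `Sha2EngineProvider` and `Shake256EngineProvider` are line-for-line identical apart from the engine type constructed in `Get()`, so the seven fields and the constructor are duplicated; a small abstract base holding the fields with `Get()` left abstract removes the duplication and keeps the two subclasses to their one differing line. The hunk also introduces a whitespace-only line with trailing spaces after `private readonly uint h;` in Sha2EngineProvider, and mixes `this.n` in the `N` getter with unqualified field access in `Get()`. Whether the rest of the file already uses a base-class pattern for similar helpers cannot be seen from here.
```csharp
abstract class SPHINCSPlusEngineProviderBase : ISPHINCSPlusEngineProvider
{
    protected readonly bool robust;
    protected readonly int n;
    protected readonly uint w;
    protected readonly uint d;
    protected readonly int a;
    protected readonly int k;
    protected readonly uint h;

    protected SPHINCSPlusEngineProviderBase(bool robust, int n, uint w, uint d, int a, int k, uint h)
    {
        // … unchanged: the seven field assignments …
    }

    public int N => n;

    public abstract SPHINCSPlusEngine Get();
}

class Sha2EngineProvider : SPHINCSPlusEngineProviderBase
{
    internal Sha2EngineProvider(bool robust, int n, uint w, uint d, int a, int k, uint h)
        : base(robust, n, w, d, a, k, h)
    {
    }

    public override SPHINCSPlusEngine Get() => new SPHINCSPlusEngine.Sha2Engine(robust, n, w, d, a, k, h);
}

// … Shake256EngineProvider: same shape, Get() constructs SPHINCSPlusEngine.Shake256Engine …
```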
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs
index 3a42cd8f8..42c20f25d 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs
@@ -14,7 +14,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
         public SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters parameters, byte[] skpkEncoded)
             : base(true, parameters)
         {
-            int n = parameters.Engine.N;
+            int n = parameters.N;
             if (skpkEncoded.Length != 4 * n)
             {
                 throw new ArgumentException("private key encoding does not match parameters");
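Review bot: `skpkEncoded.Length` on the line after the changed one dereferences the argument before any null check, so a null encoding surfaces as a NullReferenceException instead of the argument exception the following throw is meant to produce; add `if (skpkEncoded == null) throw new ArgumentNullException(nameof(skpkEncoded));` before the length comparison. The same applies to `pkEncoded` in the SPHINCSPlusPublicKeyParameters hunk below. The constructor body continues past the hunk.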
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs
index 24edd38b3..429234ee7 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs
@@ -12,7 +12,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
         public SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters parameters, byte[] pkEncoded)
             : base(false, parameters)
         {
-            int n = parameters.Engine.N;
+            int n = parameters.N;
             if (pkEncoded.Length != 2 * n)
             {
                 throw new ArgumentException("public key encoding does not match parameters");
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
index 7cbb9c1fb..ec0b9691e 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
@@ -59,7 +59,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
             // # Output: SPHINCS+ signature SIG
             // init
 
-            SPHINCSPlusEngine engine = privKey.GetParameters().Engine;
+            SPHINCSPlusEngine engine = privKey.GetParameters().GetEngine();
 
             // generate randomizer
             byte[] optRand = new byte[engine.N];
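Review bot: `GetEngine()` now allocates a new engine for every signature, and the same happens in the verify hunk below and in the SPHINCSPlusKeyPairGenerator hunk; that is the intent of the thread-safety change, but the call sites carry no comment, so a later reader may hoist the engine into a field and reintroduce the shared state. A comment such as `// one engine per operation: engines are not shared across threads` at each of the three sites would guard against that. Whether engine construction is expensive enough for the per-call allocation to matter cannot be judged from the hunk.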
@@ -118,7 +118,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
             //# Output: bool
 
             // init
-            SPHINCSPlusEngine engine = pubKey.GetParameters().Engine;
+            SPHINCSPlusEngine engine = pubKey.GetParameters().GetEngine();
 
             Adrs adrs = new Adrs();
             SIG sig = new SIG(engine.N, engine.K, engine.A, engine.D, engine.H_PRIME, engine.WOTS_LEN, signature);