diff options
| author | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-10-11 21:10:07 +0700 |
|---|---|---|
| committer | Peter Dettman <peter.dettman@bouncycastle.org> | 2022-10-11 21:10:07 +0700 |
| commit | 3046d8145e0cb90496c011f8144dd0910afa84c0 (patch) | |
| tree | eb8c6fca392c19e31e31cda48e9b50b89c89769e /crypto/src/pqc | |
| parent | Hardware-accelerate Haraka engine for SPHINCS+ (diff) | |
| download | BouncyCastle.NET-ed25519-3046d8145e0cb90496c011f8144dd0910afa84c0.tar.xz | |
Change method names in IXof
- distinct from IDigest methods and consistent with span-based methods
Diffstat (limited to 'crypto/src/pqc')
| -rw-r--r-- | crypto/src/pqc/crypto/cmce/CmceEngine.cs | 14 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs | 14 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/crystals/dilithium/Poly.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs | 6 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/frodo/FrodoEngine.cs | 20 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs | 2 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/picnic/PicnicEngine.cs | 34 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/picnic/Tree.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/saber/Poly.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/saber/SABEREngine.cs | 2 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/sike/SIKEEngine.cs | 24 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs | 4 | ||||
| -rw-r--r-- | crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs | 28 |
15 files changed, 83 insertions, 85 deletions
diff --git a/crypto/src/pqc/crypto/cmce/CmceEngine.cs b/crypto/src/pqc/crypto/cmce/CmceEngine.cs index 41194e8a6..7dd404427 100644 --- a/crypto/src/pqc/crypto/cmce/CmceEngine.cs +++ b/crypto/src/pqc/crypto/cmce/CmceEngine.cs @@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update(64); digest.BlockUpdate(sk, 0, 32); - ((IXof)digest).DoFinal(hash, 0, hash.Length); + ((IXof)digest).OutputFinal(hash, 0, hash.Length); for (int i = 0; i < (1 << GFBITS); i++) { @@ -123,7 +123,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update((byte)64); digest.BlockUpdate(sk, 0, 32); // input - ((IXof)digest).DoFinal(hash, 0, hash.Length); + ((IXof)digest).OutputFinal(hash, 0, hash.Length); // generate g @@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce // SeededKeyGen - 1. Compute E = G(δ), a string of n + σ2q + σ1t + l bits. (3488 + 32*4096 + 16*64 + 256) digest.BlockUpdate(seed_a, 0, seed_a.Length); digest.BlockUpdate(seed_b, 0, seed_b.Length); - ((IXof)digest).DoFinal(E, 0, E.Length); + ((IXof)digest).OutputFinal(E, 0, E.Length); // Store the seeds generated // SeededKeyGen - 2. Define δ′ as the last l bits of E. @@ -532,7 +532,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update((byte)0x02); digest.BlockUpdate(error_vector, 0, error_vector.Length); // input - ((IXof)digest).DoFinal(cipher_text, SYND_BYTES, cipher_text.Length - SYND_BYTES); // output + ((IXof)digest).OutputFinal(cipher_text, SYND_BYTES, cipher_text.Length - SYND_BYTES); // output /* 2.4.5 Encapsulation @@ -543,7 +543,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce digest.Update((byte)0x01); digest.BlockUpdate(error_vector, 0, error_vector.Length); digest.BlockUpdate(cipher_text, 0, cipher_text.Length); // input - ((IXof)digest).DoFinal(key, 0, key.Length); // output + ((IXof)digest).OutputFinal(key, 0, key.Length); // output if (usePadding) { @@ -598,7 +598,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update((byte)0x02); digest.BlockUpdate(error_vector, 0, error_vector.Length); // input - ((IXof)digest).DoFinal(conf, 0, conf.Length); // output + ((IXof)digest).OutputFinal(conf, 0, conf.Length); // output /* 2.3.3 Decapsulation @@ -640,7 +640,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce // = SHAKE256(preimage, 32) digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.BlockUpdate(preimage, 0, preimage.Length); // input - ((IXof)digest).DoFinal(key, 0, key.Length); // output + ((IXof)digest).OutputFinal(key, 0, key.Length); // output // clear outputs (set to all 1's) if padding bits are not all zero diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs index 9648167d1..4ba769984 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs @@ -141,7 +141,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest Shake256Digest = new ShakeDigest(256); Shake256Digest.BlockUpdate(SeedBuf, 0, SeedBytes); - Shake256Digest.DoFinal(buf, 0, 2 * SeedBytes + CrhBytes); + Shake256Digest.OutputFinal(buf, 0, 2 * SeedBytes + CrhBytes); rho = Arrays.CopyOfRange(buf, 0, SeedBytes); rhoPrime = Arrays.CopyOfRange(buf, SeedBytes, SeedBytes + CrhBytes); @@ -171,7 +171,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Shake256Digest.BlockUpdate(rho, 0, rho.Length); Shake256Digest.BlockUpdate(encT1, 0, encT1.Length); - Shake256Digest.DoFinal(tr, 0, SeedBytes); + Shake256Digest.OutputFinal(tr, 0, SeedBytes); Packing.PackSecretKey(t0_, s1_, s2_, t0, s1, s2, this); } @@ -192,7 +192,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest ShakeDigest256 = new ShakeDigest(256); ShakeDigest256.BlockUpdate(tr, 0, SeedBytes); ShakeDigest256.BlockUpdate(msg, 0, msglen); - ShakeDigest256.DoFinal(mu, 0, CrhBytes); + ShakeDigest256.OutputFinal(mu, 0, CrhBytes); if (_random != null) { @@ -203,7 +203,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium byte[] KeyMu = Arrays.CopyOf(key, SeedBytes + CrhBytes); Array.Copy(mu, 0, KeyMu, SeedBytes, CrhBytes); ShakeDigest256.BlockUpdate(KeyMu, 0, SeedBytes + CrhBytes); - ShakeDigest256.DoFinal(rhoPrime, 0, CrhBytes); + ShakeDigest256.OutputFinal(rhoPrime, 0, CrhBytes); } Matrix.ExpandMatrix(rho); @@ -229,7 +229,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest256.BlockUpdate(mu, 0, CrhBytes); ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes); - ShakeDigest256.DoFinal(sig, 0, SeedBytes); + ShakeDigest256.OutputFinal(sig, 0, SeedBytes); cp.Challenge(sig); @@ -311,7 +311,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest Shake256Digest = new ShakeDigest(256); Shake256Digest.BlockUpdate(rho, 0, rho.Length); Shake256Digest.BlockUpdate(encT1, 0, encT1.Length); - Shake256Digest.DoFinal(mu, 0, SeedBytes); + Shake256Digest.OutputFinal(mu, 0, SeedBytes); Shake256Digest.BlockUpdate(mu, 0, SeedBytes); Shake256Digest.BlockUpdate(msg, 0, msglen); @@ -341,7 +341,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Shake256Digest.BlockUpdate(mu, 0, CrhBytes); Shake256Digest.BlockUpdate(buf, 0, K * PolyW1PackedBytes); - Shake256Digest.DoFinal(c2, 0, SeedBytes); + Shake256Digest.OutputFinal(c2, 0, SeedBytes); for (int i = 0; i < SeedBytes; ++i) { diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs index 6978796c4..eb209f8a2 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs @@ -591,7 +591,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest ShakeDigest256 = new ShakeDigest(256); ShakeDigest256.BlockUpdate(seed, 0, DilithiumEngine.SeedBytes); - ShakeDigest256.DoOutput(buf, 0, Symmetric.Stream256BlockBytes); + ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes); signs = 0; for (i = 0; i < 8; ++i) @@ -612,7 +612,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium { if (pos >= Symmetric.Stream256BlockBytes) { - ShakeDigest256.DoOutput(buf, 0, Symmetric.Stream256BlockBytes); + ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes); pos = 0; } b = (buf[pos++] & 0xFF); diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs b/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs index d025b98fd..b3836ef87 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs @@ -116,12 +116,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium internal override void Stream128SqueezeBlocks(byte[] output, int offset, int size) { - digest128.DoOutput(output, offset, size); + digest128.Output(output, offset, size); } internal override void Stream256SqueezeBlocks(byte[] output, int offset, int size) { - digest256.DoOutput(output, offset, size); + digest256.Output(output, offset, size); } } } diff --git a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs index b618d7bce..bea8cae54 100644 --- a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs +++ b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs @@ -71,7 +71,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber internal override void XofSqueezeBlocks(byte[] output, int outOffset, int outLen) { - xof.DoOutput(output, outOffset, outLen); + xof.Output(output, outOffset, outLen); } internal override void Prf(byte[] output, byte[] seed, byte nonce) @@ -80,13 +80,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber Array.Copy(seed, 0, extSeed, 0, seed.Length); extSeed[seed.Length] = nonce; shakeDigest.BlockUpdate(extSeed, 0, extSeed.Length); - shakeDigest.DoFinal(output, 0, output.Length); + shakeDigest.OutputFinal(output, 0, output.Length); } internal override void Kdf(byte[] output, byte[] input) { shakeDigest.BlockUpdate(input, 0, input.Length); - shakeDigest.DoFinal(output, 0, output.Length); + shakeDigest.OutputFinal(output, 0, output.Length); } } diff --git a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs index 2f9c50921..7fefb4767 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs @@ -223,7 +223,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo // 2. Generate pseudorandom seed seedA = SHAKE(z, len_seedA) (length in bits) byte[] seedA = new byte[len_seedA_bytes]; digest.BlockUpdate(z, 0, z.Length); - ((IXof) digest).DoFinal(seedA, 0, seedA.Length); + ((IXof) digest).OutputFinal(seedA, 0, seedA.Length); // 3. A = Frodo.Gen(seedA) short[] A = gen.GenMatrix(seedA); @@ -233,7 +233,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo digest.Update((byte) 0x5f); digest.BlockUpdate(seedSE, 0, seedSE.Length); - ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length); + ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length); short[] r = new short[2 * n * nbar]; for (int i = 0; i < r.Length; i++) @@ -258,7 +258,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] pkh = new byte[len_pkh_bytes]; digest.BlockUpdate(pk, 0, pk.Length); - ((IXof) digest).DoFinal(pkh, 0, pkh.Length); + ((IXof) digest).OutputFinal(pkh, 0, pkh.Length); //10. sk = (s || seedA || b, S^T, pkh) Array.Copy(Arrays.Concatenate(s, pk), 0, @@ -377,13 +377,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo // 2. pkh = SHAKE(pk, len_pkh) byte[] pkh = new byte[len_pkh_bytes]; digest.BlockUpdate(pk, 0, len_pk_bytes); - ((IXof) digest).DoFinal(pkh, 0, len_pkh_bytes); + ((IXof) digest).OutputFinal(pkh, 0, len_pkh_bytes); // 3. seedSE || k = SHAKE(pkh || mu, len_seedSE + len_k) (length in bits) byte[] seedSE_k = new byte[len_seedSE + len_k]; digest.BlockUpdate(pkh, 0, len_pkh_bytes); digest.BlockUpdate(mu, 0, len_mu_bytes); - ((IXof) digest).DoFinal(seedSE_k, 0, len_seedSE_bytes + len_k_bytes); + ((IXof) digest).OutputFinal(seedSE_k, 0, len_seedSE_bytes + len_k_bytes); byte[] seedSE = Arrays.CopyOfRange(seedSE_k, 0, len_seedSE_bytes); byte[] k = Arrays.CopyOfRange(seedSE_k, len_seedSE_bytes, len_seedSE_bytes + len_k_bytes); @@ -392,7 +392,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] rbytes = new byte[(2 * mbar * n + mbar * nbar) * len_chi_bytes]; digest.Update((byte) 0x96); digest.BlockUpdate(seedSE, 0, seedSE.Length); - ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length); + ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length); short[] r = new short[rbytes.Length / 2]; for (int i = 0; i < r.Length; i++) @@ -436,7 +436,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo digest.BlockUpdate(c1, 0, c1.Length); digest.BlockUpdate(c2, 0, c2.Length); digest.BlockUpdate(k, 0, len_k_bytes); - ((IXof) digest).DoFinal(ss, 0, len_s_bytes); + ((IXof) digest).OutputFinal(ss, 0, len_s_bytes); } private short[] MatrixSub(short[] X, short[] Y, int n1, int n2) @@ -568,7 +568,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] seedSEprime_kprime = new byte[len_seedSE_bytes + len_k_bytes]; digest.BlockUpdate(pkh, 0, len_pkh_bytes); digest.BlockUpdate(muprime, 0, len_mu_bytes); - ((IXof) digest).DoFinal(seedSEprime_kprime, 0, len_seedSE_bytes + len_k_bytes); + ((IXof) digest).OutputFinal(seedSEprime_kprime, 0, len_seedSE_bytes + len_k_bytes); byte[] kprime = Arrays.CopyOfRange(seedSEprime_kprime, len_seedSE_bytes, len_seedSE_bytes + len_k_bytes); @@ -576,7 +576,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] rbytes = new byte[(2 * mbar * n + mbar * mbar) * len_chi_bytes]; digest.Update((byte) 0x96); digest.BlockUpdate(seedSEprime_kprime, 0, len_seedSE_bytes); - ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length); + ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length); short[] r = new short[2 * mbar * n + mbar * nbar]; for (int i = 0; i < r.Length; i++) @@ -620,7 +620,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo digest.BlockUpdate(c1, 0, c1.Length); digest.BlockUpdate(c2, 0, c2.Length); digest.BlockUpdate(kbar, 0, kbar.Length); - ((IXof) digest).DoFinal(ss, 0, len_ss_bytes); + ((IXof) digest).OutputFinal(ss, 0, len_ss_bytes); } } diff --git a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs index 01f1016a7..468e00fbd 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs @@ -46,7 +46,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo // 2. c_{i,0} || c_{i,1} || ... || c_{i,n-1} = SHAKE128(b, 16n) (length in bits) where each c_{i,j} is parsed as a 16-bit integer in little-endian byte order format IXof digest = new ShakeDigest(128); digest.BlockUpdate(b, 0, b.Length); - digest.DoFinal(tmp, 0, tmp.Length); + digest.OutputFinal(tmp, 0, tmp.Length); for (j = 0; j < n; j++) { A[i * n + j] = (short) (Pack.LE_To_UInt16(tmp, 2 * j) % q);//todo add % q diff --git a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs index 605a27764..0e2a4b54f 100644 --- a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs +++ b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs @@ -1508,7 +1508,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the salt & message */ digest.BlockUpdate(salt, 0, saltSizeBytes); digest.BlockUpdate(message, 0, message.Length); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); /* Convert hash to a packed string of values in {0,1,2} */ int round = 0; @@ -1548,7 +1548,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* We need more bits; hash set hash = H_1(hash) */ digest.Update((byte) 1); digest.BlockUpdate(hash, 0, digestSizeBytes); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); } } @@ -1569,7 +1569,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the seed with H_5, store digest in output */ digest.Update((byte) 5); digest.BlockUpdate(seed, seedOffset, seedSizeBytes); - digest.DoFinal(output, 0, digestSizeBytes); + digest.OutputFinal(output, 0, digestSizeBytes); /* Hash H_5(seed), the view, and the length */ digest.BlockUpdate(output, 0, digestSizeBytes); @@ -1582,7 +1582,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(view.communicatedBits, 0, andSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE((uint)outputBytes), 0, 2); - digest.DoFinal(output, 0, outputBytes); + digest.OutputFinal(output, 0, outputBytes); } private void mpc_LowMC(Tape tapes, View[] views, uint[] plaintext, uint[] slab) @@ -1635,7 +1635,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the seed, store result in `hash` */ digest.Update((byte) 4); digest.BlockUpdate(seed, seedOffset, seedSizeBytes); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); /* Compute H_0(H_4(seed), view) */ digest.Update((byte) 0); @@ -1643,7 +1643,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE(view.inputShare), 0, stateSizeBytes); digest.BlockUpdate(view.communicatedBits, 0, andSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE(view.outputShare), 0, stateSizeBytes); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); } private void mpc_substitution(uint[] state, Tape rand, View[] views) @@ -1747,7 +1747,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the seed and a constant, store the result in tape. */ digest.Update((byte) 2); digest.BlockUpdate(seed, seedOffset, seedSizeBytes); - digest.DoFinal(tape, 0, digestSizeBytes); + digest.OutputFinal(tape, 0, digestSizeBytes); // Console.Error.Write("tape: " + Hex.toHexString(tape)); /* Expand the hashed seed, salt, round and player indices, and output @@ -1757,7 +1757,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE(roundNumber), 0, 2); digest.BlockUpdate(Pack.UInt32_To_LE(playerNumber), 0, 2); digest.BlockUpdate(Pack.UInt32_To_LE((uint)tapeLen), 0, 2); - digest.DoFinal(tape, 0, tapeLen); + digest.OutputFinal(tape, 0, tapeLen); return true; } @@ -1773,7 +1773,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE((uint)stateSizeBits), 0, 2); // Derive the N*T seeds + 1 salt - digest.DoFinal(allSeeds, 0, seedSizeBytes * (numMPCParties * numMPCRounds) + saltSizeBytes); + digest.OutputFinal(allSeeds, 0, seedSizeBytes * (numMPCParties * numMPCRounds) + saltSizeBytes); return allSeeds; } @@ -1963,7 +1963,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE(pubKey), 0, stateSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE(plaintext), 0, stateSizeBytes); digest.BlockUpdate(message, 0, message.Length); - digest.DoFinal(challengeHash, 0, digestSizeBytes); + digest.OutputFinal(challengeHash, 0, digestSizeBytes); if ((challengeC != null) && (challengeP != null)) { @@ -2041,7 +2041,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.Update((byte) 1); digest.BlockUpdate(h, 0, digestSizeBytes); - digest.DoFinal(h, 0, digestSizeBytes); + digest.OutputFinal(h, 0, digestSizeBytes); } // Note that we always compute h = H(h) after setting C @@ -2066,7 +2066,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.Update((byte) 1); digest.BlockUpdate(h, 0, digestSizeBytes); - digest.DoFinal(h, 0, digestSizeBytes); + digest.OutputFinal(h, 0, digestSizeBytes); } } @@ -2077,7 +2077,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(C[i], 0, digestSizeBytes); } - digest.DoFinal(digest_arr, 0, digestSizeBytes); + digest.OutputFinal(digest_arr, 0, digestSizeBytes); } private void commit_v(byte[] digest_arr, byte[] input, Msg msg) @@ -2089,7 +2089,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(msg.msgs[i], 0, msgs_size); } - digest.DoFinal(digest_arr, 0, digestSizeBytes); + digest.OutputFinal(digest_arr, 0, digestSizeBytes); } private int SimulateOnline(uint[] maskedKey, Tape tape, uint[] tmp_shares, @@ -2139,7 +2139,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(salt, 0, saltSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE(t), 0, 2); digest.BlockUpdate(Pack.UInt32_To_LE(i), 0, 2); - digest.DoFinal(tape.tapes[i], 0, tapeSizeBytes); + digest.OutputFinal(tape.tapes[i], 0, tapeSizeBytes); } } @@ -2314,7 +2314,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(salt, 0, saltSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE(t), 0, 2); digest.BlockUpdate(Pack.UInt32_To_LE(j), 0, 2); - digest.DoFinal(digest_arr, 0, digestSizeBytes); + digest.OutputFinal(digest_arr, 0, digestSizeBytes); } private void ComputeSaltAndRootSeed(byte[] saltAndRoot, uint[] privateKey, uint[] pubKey, uint[] plaintext, byte[] message) @@ -2338,7 +2338,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(pubkey_bytes, 0, stateSizeBytes); digest.BlockUpdate(plaintext_bytes, 0, stateSizeBytes); digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (stateSizeBits & 0xffff)), 0, 2); - digest.DoFinal(saltAndRoot, 0, saltAndRoot.Length); + digest.OutputFinal(saltAndRoot, 0, saltAndRoot.Length); } static bool is_picnic3(int parameters) diff --git a/crypto/src/pqc/crypto/picnic/Tree.cs b/crypto/src/pqc/crypto/picnic/Tree.cs index 36efea831..50f844a52 100644 --- a/crypto/src/pqc/crypto/picnic/Tree.cs +++ b/crypto/src/pqc/crypto/picnic/Tree.cs @@ -450,7 +450,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic engine.digest.BlockUpdate(salt, 0, PicnicEngine.saltSizeBytes); engine.digest.BlockUpdate(Pack.UInt32_To_LE(parent), 0, 2); - engine.digest.DoFinal(this.nodes[parent], 0, engine.digestSizeBytes); + engine.digest.OutputFinal(this.nodes[parent], 0, engine.digestSizeBytes); this.haveNode[parent] = true; } @@ -545,7 +545,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic engine.digest.BlockUpdate(salt, 0, PicnicEngine.saltSizeBytes); engine.digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (repIndex & 0xffff)), 0, 2); //todo check endianness engine.digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (nodeIndex & 0xffff)), 0, 2); //todo check endianness - engine.digest.DoFinal(digest_arr, 0, 2 * engine.seedSizeBytes); + engine.digest.OutputFinal(digest_arr, 0, 2 * engine.seedSizeBytes); // System.out.println("hash: " + Hex.toHexString(digest_arr)); } diff --git a/crypto/src/pqc/crypto/saber/Poly.cs b/crypto/src/pqc/crypto/saber/Poly.cs index f36b62031..021f1d0e3 100644 --- a/crypto/src/pqc/crypto/saber/Poly.cs +++ b/crypto/src/pqc/crypto/saber/Poly.cs @@ -39,7 +39,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber IXof digest = new ShakeDigest(128); digest.BlockUpdate(seed, 0, engine.getSABER_SEEDBYTES()); - digest.DoFinal(buf, 0, buf.Length); + digest.OutputFinal(buf, 0, buf.Length); for (i = 0; i < SABER_L; i++) { @@ -53,7 +53,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber int i; IXof digest = new ShakeDigest(128); digest.BlockUpdate(seed, 0, engine.getSABER_NOISE_SEEDBYTES()); - digest.DoFinal(buf, 0, buf.Length); + digest.OutputFinal(buf, 0, buf.Length); for (i = 0; i < SABER_L; i++) { diff --git a/crypto/src/pqc/crypto/saber/SABEREngine.cs b/crypto/src/pqc/crypto/saber/SABEREngine.cs index 38efdd8f3..a7c8d3ff9 100644 --- a/crypto/src/pqc/crypto/saber/SABEREngine.cs +++ b/crypto/src/pqc/crypto/saber/SABEREngine.cs @@ -204,7 +204,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber IXof digest = new ShakeDigest(128); digest.BlockUpdate(seed_A, 0, SABER_SEEDBYTES); - digest.DoFinal(seed_A, 0, SABER_SEEDBYTES); + digest.OutputFinal(seed_A, 0, SABER_SEEDBYTES); random.NextBytes(seed_s); diff --git a/crypto/src/pqc/crypto/sike/SIKEEngine.cs b/crypto/src/pqc/crypto/sike/SIKEEngine.cs index de1ed1ed5..e7b218589 100644 --- a/crypto/src/pqc/crypto/sike/SIKEEngine.cs +++ b/crypto/src/pqc/crypto/sike/SIKEEngine.cs @@ -126,7 +126,7 @@ internal class SIKEEngine IXof digest = new ShakeDigest(256); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES)); - digest.DoFinal(ephemeralsk, 0, (int) param.SECRETKEY_B_BYTES); + digest.OutputFinal(ephemeralsk, 0, (int) param.SECRETKEY_B_BYTES); sidhCompressed.FormatPrivKey_B(ephemeralsk); @@ -144,7 +144,7 @@ internal class SIKEEngine // System.out.println("jinv: " + Hex.toHexstring(jinvariant)); digest.BlockUpdate(jinvariant, 0, (int) param.FP2_ENCODED_BYTES); - digest.DoFinal(h, 0, (int) param.MSG_BYTES); + digest.OutputFinal(h, 0, (int) param.MSG_BYTES); // System.out.println("h: " + Hex.toHexstring(h)); // System.out.println("temp: " + Hex.toHexstring(temp)); @@ -158,7 +158,7 @@ internal class SIKEEngine System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES)); - digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES); + digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES); return 0; } else @@ -174,7 +174,7 @@ internal class SIKEEngine IXof digest = new ShakeDigest(256); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES)); - digest.DoFinal(ephemeralsk, 0, (int) param.SECRETKEY_A_BYTES); + digest.OutputFinal(ephemeralsk, 0, (int) param.SECRETKEY_A_BYTES); ephemeralsk[param.SECRETKEY_A_BYTES - 1] &= (byte) param.MASK_ALICE; // Encrypt @@ -182,7 +182,7 @@ internal class SIKEEngine sidh.EphemeralSecretAgreement_A(ephemeralsk, pk, jinvariant); digest.BlockUpdate(jinvariant, 0, (int) param.FP2_ENCODED_BYTES); - digest.DoFinal(h, 0, (int) param.MSG_BYTES); + digest.OutputFinal(h, 0, (int) param.MSG_BYTES); for (int i = 0; i < param.MSG_BYTES; i++) { @@ -193,7 +193,7 @@ internal class SIKEEngine System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES)); - digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES); + digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES); return 0; } @@ -218,7 +218,7 @@ internal class SIKEEngine IXof digest = new ShakeDigest(256); digest.BlockUpdate(jinvariant_, 0, (int) param.FP2_ENCODED_BYTES); - digest.DoFinal(h_, 0, (int) param.MSG_BYTES); + digest.OutputFinal(h_, 0, (int) param.MSG_BYTES); // System.out.println("h_: " + Hex.toHexstring(h_)); @@ -231,7 +231,7 @@ internal class SIKEEngine System.Array.Copy(sk, param.MSG_BYTES + param.SECRETKEY_A_BYTES, temp, param.MSG_BYTES, param.CRYPTO_PUBLICKEYBYTES); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES)); - digest.DoFinal(ephemeralsk_, 0, (int) param.SECRETKEY_B_BYTES); + digest.OutputFinal(ephemeralsk_, 0, (int) param.SECRETKEY_B_BYTES); sidhCompressed.FormatPrivKey_B(ephemeralsk_); // Generate shared secret ss <- H(m||ct), or output ss <- H(s||ct) in case of ct verification failure @@ -242,7 +242,7 @@ internal class SIKEEngine System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES)); - digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES); + digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES); return 0; } @@ -260,7 +260,7 @@ internal class SIKEEngine IXof digest = new ShakeDigest(256); digest.BlockUpdate(jinvariant_, 0, (int) param.FP2_ENCODED_BYTES); - digest.DoFinal(h_, 0, (int) param.MSG_BYTES); + digest.OutputFinal(h_, 0, (int) param.MSG_BYTES); for (int i = 0; i < param.MSG_BYTES; i++) { temp[i] = (byte) (ct[i + param.CRYPTO_PUBLICKEYBYTES] ^ h_[i]); @@ -270,7 +270,7 @@ internal class SIKEEngine System.Array.Copy(sk, param.MSG_BYTES + param.SECRETKEY_B_BYTES, temp, param.MSG_BYTES, param.CRYPTO_PUBLICKEYBYTES); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES)); - digest.DoFinal(ephemeralsk_, 0, (int) param.SECRETKEY_A_BYTES); + digest.OutputFinal(ephemeralsk_, 0, (int) param.SECRETKEY_A_BYTES); ephemeralsk_[param.SECRETKEY_A_BYTES - 1] &= (byte) param.MASK_ALICE; @@ -283,7 +283,7 @@ internal class SIKEEngine System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES); digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES)); - digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES); + digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES); return 0; } diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs index 86c2f8fbb..f55a87778 100644 --- a/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs +++ b/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs @@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { byte[] buf = new byte[640]; BlockUpdate(pkSeed, 0, pkSeed.Length); - DoFinal(buf, 0, buf.Length); + OutputFinal(buf, 0, buf.Length); haraka512_rc = new ulong[10][]; haraka256_rc = new uint[10][]; for (int i = 0; i < 10; ++i) @@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus } } - public int DoFinal(byte[] output, int outOff, int len) + public int OutputFinal(byte[] output, int outOff, int len) { int outLen = len; diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs index a625cb32d..35d7c883e 100644 --- a/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs +++ b/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs @@ -114,7 +114,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return OutputFinal(output[..32]); } - public int DoOutput(byte[] output, int outOff, int outLen) + public int Output(byte[] output, int outOff, int outLen) { return Output(output.AsSpan(outOff, outLen)); } @@ -157,7 +157,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus return result; } - public int DoFinal(byte[] output, int outOff, int outLen) + public int OutputFinal(byte[] output, int outOff, int outLen) { return OutputFinal(output.AsSpan(outOff, outLen)); } diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs index 86e93383c..3c295c3bd 100644 --- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs +++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs @@ -372,7 +372,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length); treeDigest.BlockUpdate(mTheta, 0, mTheta.Length); - treeDigest.DoFinal(rv, 0, rv.Length); + treeDigest.OutputFinal(rv, 0, rv.Length); return rv; } @@ -395,7 +395,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus treeDigest.BlockUpdate(m2, 0, m2.Length); } - treeDigest.DoFinal(rv, 0, rv.Length); + treeDigest.OutputFinal(rv, 0, rv.Length); return rv; } @@ -414,7 +414,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); treeDigest.BlockUpdate(pkRoot, 0, pkRoot.Length); treeDigest.BlockUpdate(message, 0, message.Length); - treeDigest.DoFinal(output, 0, output.Length); + treeDigest.OutputFinal(output, 0, output.Length); // tree index // currently, only indexes up to 64 bits are supported @@ -440,7 +440,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length); treeDigest.BlockUpdate(mTheta, 0, mTheta.Length); - treeDigest.DoFinal(rv, 0, rv.Length); + treeDigest.OutputFinal(rv, 0, rv.Length); return rv; } @@ -450,7 +450,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length); treeDigest.BlockUpdate(skSeed, 0, skSeed.Length); - treeDigest.DoFinal(prf, prfOff, N); + treeDigest.OutputFinal(prf, prfOff, N); } public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message) @@ -459,7 +459,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus treeDigest.BlockUpdate(randomiser, 0, randomiser.Length); treeDigest.BlockUpdate(message, 0, message.Length); byte[] output = new byte[N]; - treeDigest.DoFinal(output, 0, output.Length); + treeDigest.OutputFinal(output, 0, output.Length); return output; } @@ -469,8 +469,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length); - - maskDigest.DoFinal(mask, 0, mask.Length); + maskDigest.OutputFinal(mask, 0, mask.Length); for (int i = 0; i < m.Length; ++i) { @@ -486,8 +485,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length); maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length); - - maskDigest.DoFinal(mask, 0, mask.Length); + maskDigest.OutputFinal(mask, 0, mask.Length); for (int i = 0; i < m1.Length; ++i) { @@ -555,7 +553,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus m = Bitmask(adrs, m); harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length); harakaSXof.BlockUpdate(m, 0, m.Length); - harakaSXof.DoFinal(rv, 0, rv.Length); + harakaSXof.OutputFinal(rv, 0, rv.Length); return rv; } @@ -571,7 +569,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus harakaSXof.BlockUpdate(prf, 0, prf.Length); harakaSXof.BlockUpdate(pkRoot, 0, pkRoot.Length); harakaSXof.BlockUpdate(message, 0, message.Length); - harakaSXof.DoFinal(output, 0, output.Length); + harakaSXof.OutputFinal(output, 0, output.Length); // tree index // currently, only indexes up to 64 bits are supported @@ -590,7 +588,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus m = Bitmask(adrs, m); harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length); harakaSXof.BlockUpdate(m, 0, m.Length); - harakaSXof.DoFinal(rv, 0, rv.Length); + harakaSXof.OutputFinal(rv, 0, rv.Length); return rv; } @@ -609,7 +607,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus harakaSXof.BlockUpdate(prf, 0, prf.Length); harakaSXof.BlockUpdate(randomiser, 0, randomiser.Length); harakaSXof.BlockUpdate(message, 0, message.Length); - harakaSXof.DoFinal(rv, 0, rv.Length); + harakaSXof.OutputFinal(rv, 0, rv.Length); return rv; } @@ -619,7 +617,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus { byte[] mask = new byte[m.Length]; harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length); - harakaSXof.DoFinal(mask, 0, mask.Length); + harakaSXof.OutputFinal(mask, 0, mask.Length); for (int i = 0; i < m.Length; ++i) { m[i] ^= mask[i]; |