diff --git a/crypto/src/crypto/util/Pack.cs b/crypto/src/crypto/util/Pack.cs
index 3396a7fc7..e281f1818 100644
--- a/crypto/src/crypto/util/Pack.cs
+++ b/crypto/src/crypto/util/Pack.cs
@@ -1,4 +1,5 @@
using System;
+using System.Diagnostics;
using System.Runtime.CompilerServices;
namespace Org.BouncyCastle.Crypto.Utilities
@@ -152,6 +153,19 @@ namespace Org.BouncyCastle.Crypto.Utilities
| bs[off + 3];
}
+ internal static uint BE_To_UInt32_Partial(byte[] bs, int off, int len)
+ {
+ Debug.Assert(1 <= len && len <= 4);
+
+ uint result = bs[off];
+ for (int i = 1; i < len; ++i)
+ {
+ result <<= 8;
+ result |= bs[off + i];
+ }
+ return result;
+ }
+
internal static void BE_To_UInt32(byte[] bs, int off, uint[] ns)
{
for (int i = 0; i < ns.Length; ++i)
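Review bot: BE_To_UInt32_Partial validates `len` only through Debug.Assert, which is compiled out of Release builds, so a caller passing `len > 4` silently shifts the leading bytes out of `result`, and `len == 0` still reads `bs[off]` instead of yielding 0; BE_To_UInt64_Partial in the next hunk has the same gap. If the Debug-only guard is intentional, say so where the next reader will look: `/// Reads len big-endian bytes starting at bs[off]; len must be in [1, 4] (checked only in Debug builds).` Otherwise a hard check, `if (len < 1 || len > 4) throw new ArgumentOutOfRangeException(nameof(len));`, costs nothing on this path.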
@@ -228,6 +242,19 @@ namespace Org.BouncyCastle.Crypto.Utilities
return ((ulong)hi << 32) | (ulong)lo;
}
+ internal static ulong BE_To_UInt64_Partial(byte[] bs, int off, int len)
+ {
+ Debug.Assert(1 <= len && len <= 8);
+
+ ulong result = bs[off];
+ for (int i = 1; i < len; ++i)
+ {
+ result <<= 8;
+ result |= bs[off + i];
+ }
+ return result;
+ }
+
internal static void BE_To_UInt64(byte[] bs, int off, ulong[] ns)
{
for (int i = 0; i < ns.Length; ++i)
diff --git a/crypto/src/pqc/crypto/sphincsplus/Adrs.cs b/crypto/src/pqc/crypto/sphincsplus/Adrs.cs
index 6c22a9d78..39b0fa16d 100644
--- a/crypto/src/pqc/crypto/sphincsplus/Adrs.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/Adrs.cs
@@ -7,24 +7,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
internal class Adrs
{
- public static uint WOTS_HASH = 0;
- public static uint WOTS_PK = 1;
- public static uint TREE = 2;
- public static uint FORS_TREE = 3;
- public static uint FORS_PK = 4;
- public static uint WOTS_PRF = 5;
- public static uint FORS_PRF = 6;
+ internal static uint WOTS_HASH = 0;
+ internal static uint WOTS_PK = 1;
+ internal static uint TREE = 2;
+ internal static uint FORS_TREE = 3;
+ internal static uint FORS_PK = 4;
+ internal static uint WOTS_PRF = 5;
+ internal static uint FORS_PRF = 6;
internal static int OFFSET_LAYER = 0;
internal static int OFFSET_TREE = 4;
- static int OFFSET_TREE_HGT = 24;
- static int OFFSET_TREE_INDEX = 28;
+ internal static int OFFSET_TREE_HGT = 24;
+ internal static int OFFSET_TREE_INDEX = 28;
internal static int OFFSET_TYPE = 16;
- static int OFFSET_KP_ADDR = 20;
- static int OFFSET_CHAIN_ADDR = 24;
- static int OFFSET_HASH_ADDR = 28;
+ internal static int OFFSET_KP_ADDR = 20;
+ internal static int OFFSET_CHAIN_ADDR = 24;
+ internal static int OFFSET_HASH_ADDR = 28;
- internal byte[] value = new byte[32];
+ internal readonly byte[] value = new byte[32];
internal Adrs()
{
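Review bot: The address-type values (`WOTS_HASH` … `FORS_PRF`) and the `OFFSET_*` layout values stay mutable `static` fields after the visibility change, so any code in the assembly can reassign, say, `Adrs.OFFSET_TYPE` and silently corrupt every address that is built afterwards; these are fixed by the specification and should be compile-time constants, `internal const uint WOTS_HASH = 0;` and `internal const int OFFSET_LAYER = 0;` and so on for the rest. `internal readonly byte[] value` only pins the reference, the array contents remain writable by every caller, which is what the accessor methods rely on. The constructor that follows continues outside this hunk.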
@@ -32,80 +32,80 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
internal Adrs(Adrs adrs)
{
- Array.Copy(adrs.value, 0, this.value, 0, adrs.value.Length);
+ Array.Copy(adrs.value, 0, value, 0, adrs.value.Length);
}
- public void SetLayerAddress(uint layer)
+ internal void SetLayerAddress(uint layer)
{
Pack.UInt32_To_BE(layer, value, OFFSET_LAYER);
}
- public uint GetLayerAddress()
+ internal uint GetLayerAddress()
{
return Pack.BE_To_UInt32(value, OFFSET_LAYER);
}
- public void SetTreeAddress(ulong tree)
+ internal void SetTreeAddress(ulong tree)
{
// tree address is 12 bytes
Pack.UInt64_To_BE(tree, value, OFFSET_TREE + 4);
}
- public ulong GetTreeAddress()
+ internal ulong GetTreeAddress()
{
+ // tree address is 12 bytes
return Pack.BE_To_UInt64(value, OFFSET_TREE + 4);
}
- public void SetTreeHeight(uint height)
+ internal void SetTreeHeight(uint height)
{
Pack.UInt32_To_BE(height, value, OFFSET_TREE_HGT);
}
- public uint GetTreeHeight()
+ internal uint GetTreeHeight()
{
return Pack.BE_To_UInt32(value, OFFSET_TREE_HGT);
}
- public void SetTreeIndex(uint index)
+ internal void SetTreeIndex(uint index)
{
Pack.UInt32_To_BE(index, value, OFFSET_TREE_INDEX);
}
- public uint GetTreeIndex()
+ internal uint GetTreeIndex()
{
return Pack.BE_To_UInt32(value, OFFSET_TREE_INDEX);
}
// resets part of value to zero in line with 2.7.3
- public void SetType(uint type)
+ internal void SetAdrsType(uint adrsType)
{
- Pack.UInt32_To_BE(type, value, OFFSET_TYPE);
+ Pack.UInt32_To_BE(adrsType, value, OFFSET_TYPE);
- Arrays.Fill(value, 20, value.Length, (byte) 0);
+ Arrays.Fill(value, OFFSET_TYPE + 4, value.Length, 0x00);
}
- public void ChangeType(uint type)
+ internal void ChangeAdrsType(uint adrsType)
{
- Pack.UInt32_To_BE(type, value, OFFSET_TYPE);
+ Pack.UInt32_To_BE(adrsType, value, OFFSET_TYPE);
}
- // FIXME
- public new uint GetType()
+ internal uint GetAdrsType()
{
return Pack.BE_To_UInt32(value, OFFSET_TYPE);
}
- public void SetKeyPairAddress(uint keyPairAddr)
+ internal void SetKeyPairAddress(uint keyPairAddr)
{
Pack.UInt32_To_BE(keyPairAddr, value, OFFSET_KP_ADDR);
}
- public uint GetKeyPairAddress()
+ internal uint GetKeyPairAddress()
{
return Pack.BE_To_UInt32(value, OFFSET_KP_ADDR);
}
- public void SetHashAddress(uint hashAddr)
+ internal void SetHashAddress(uint hashAddr)
{
Pack.UInt32_To_BE(hashAddr, value, OFFSET_HASH_ADDR);
}
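Review bot: The comment copied into GetTreeAddress, `// tree address is 12 bytes`, now sits above a read of 8 bytes at `OFFSET_TREE + 4` without saying what the other 4 bytes are, and from what is visible here neither SetTreeAddress nor any other method ever writes them. Suggest the same wording on both methods: `// spec tree address is 12 bytes; only the low 8 are used here, the top 4 bytes are never written and stay zero`. The class body continues past this hunk.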
@@ -115,4 +115,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
Pack.UInt32_To_BE(chainAddr, value, OFFSET_CHAIN_ADDR);
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/Fors.cs b/crypto/src/pqc/crypto/sphincsplus/Fors.cs
index af86eec10..1698d1be7 100644
--- a/crypto/src/pqc/crypto/sphincsplus/Fors.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/Fors.cs
@@ -1,94 +1,93 @@
-using System;
using System.Collections.Generic;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class Fors
+ internal class Fors
{
- SPHINCSPlusEngine engine;
+ private readonly SphincsPlusEngine engine;
- public Fors(SPHINCSPlusEngine engine)
+ internal Fors(SphincsPlusEngine engine)
{
this.engine = engine;
}
// Input: Secret seed SK.seed, start index s, target node height z, public seed PK.seed, address Adrs
// Output: n-byte root node - top node on Stack
- byte[] TreeHash(byte[] skSeed, uint s, int z, byte[] pkSeed, Adrs adrsParam)
+ internal byte[] TreeHash(byte[] skSeed, uint s, int z, byte[] pkSeed, Adrs adrsParam)
{
- var stack = new List<NodeEntry>();
-
if (s % (1 << z) != 0)
- {
return null;
- }
+ var stack = new Stack<NodeEntry>();
Adrs adrs = new Adrs(adrsParam);
+ byte[] sk = new byte[engine.N];
for (uint idx = 0; idx < (1 << z); idx++)
{
- adrs.SetType(Adrs.FORS_PRF);
+ adrs.SetAdrsType(Adrs.FORS_PRF);
adrs.SetKeyPairAddress(adrsParam.GetKeyPairAddress());
adrs.SetTreeHeight(0);
adrs.SetTreeIndex(s + idx);
- byte[] sk = engine.PRF(pkSeed, skSeed, adrs);
+ engine.PRF(pkSeed, skSeed, adrs, sk, 0);
- adrs.ChangeType(Adrs.FORS_TREE);
+ adrs.ChangeAdrsType(Adrs.FORS_TREE);
byte[] node = engine.F(pkSeed, adrs, sk);
-
+
adrs.SetTreeHeight(1);
+ uint adrsTreeHeight = 1;
+ uint adrsTreeIndex = s + idx;
+
// while ( Top node on Stack has same height as node )
- while (stack.Count != 0
- && ((NodeEntry) stack[0]).nodeHeight == adrs.GetTreeHeight())
+ while (stack.Count > 0 && stack.Peek().nodeHeight == adrsTreeHeight)
{
- adrs.SetTreeIndex((adrs.GetTreeIndex() - 1) / 2);
- NodeEntry current = (NodeEntry) stack[0];
- stack.RemoveAt(0);
+ adrsTreeIndex = (adrsTreeIndex - 1) / 2;
+ adrs.SetTreeIndex(adrsTreeIndex);
+
+ node = engine.H(pkSeed, adrs, stack.Pop().nodeValue, node);
- node = engine.H(pkSeed, adrs, current.nodeValue, node);
//topmost node is now one layer higher
- adrs.SetTreeHeight(adrs.GetTreeHeight() + 1);
+ adrs.SetTreeHeight(++adrsTreeHeight);
}
- stack.Insert(0, new NodeEntry(node, adrs.GetTreeHeight()));
+ stack.Push(new NodeEntry(node, adrsTreeHeight));
}
- return ((NodeEntry) stack[0]).nodeValue;
+ return stack.Peek().nodeValue;
}
- public SIG_FORS[] Sign(byte[] md, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs)
+ internal SIG_FORS[] Sign(byte[] md, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs)
{
Adrs adrs = new Adrs(paramAdrs);
- uint[] idxs = MessageToIdxs(md, engine.K, engine.A);
SIG_FORS[] sig_fors = new SIG_FORS[engine.K];
// compute signature elements
uint t = engine.T;
for (uint i = 0; i < engine.K; i++)
{
// get next index
- uint idx = idxs[i];
+ uint idx = GetMessageIdx(md, (int)i, engine.A);
+
// pick private key element
-
- adrs.SetType(Adrs.FORS_PRF);
+ adrs.SetAdrsType(Adrs.FORS_PRF);
adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress());
adrs.SetTreeHeight(0);
adrs.SetTreeIndex((uint) (i * t + idx));
-
- byte[] sk = engine.PRF(pkSeed, skSeed, adrs);
-
- adrs.ChangeType(Adrs.FORS_TREE);
-
+
+ byte[] sk = new byte[engine.N];
+ engine.PRF(pkSeed, skSeed, adrs, sk, 0);
+
+ adrs.ChangeAdrsType(Adrs.FORS_TREE);
+
byte[][] authPath = new byte[engine.A][];
// compute auth path
for (int j = 0; j < engine.A; j++)
{
- uint s = (uint) (idx / (1 << j)) ^ 1;
- authPath[j] = TreeHash(skSeed, (uint) (i * t + s * (1 << j)), j, pkSeed, adrs);
+ uint s = (idx >> j) ^ 1U;
+ authPath[j] = TreeHash(skSeed, (uint) (i * t + (s << j)), j, pkSeed, adrs);
}
sig_fors[i] = new SIG_FORS(sk, authPath);
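Review bot: TreeHash still returns `null` when `s` is not a multiple of `1 << z` (`return null;`), and Sign stores that result straight into `authPath[j]` without checking it, so a bad start index surfaces later as a NullReferenceException inside the engine rather than at the point of misuse; HT.TreeHash in a later hunk has the same shape. Throwing here instead, `throw new ArgumentException("start index must be a multiple of 2^z", nameof(s));`, lets TreeHash's return be documented as non-null. The single `sk` buffer in TreeHash is now reused across every leaf and handed to `engine.F` each time, which is only safe if F does not keep a reference to it; a comment on the `byte[] sk = new byte[engine.N];` line, `// reused for each leaf; F must consume sk before the next PRF call overwrites it`, records that assumption.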
@@ -97,49 +96,48 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return sig_fors;
}
- public byte[] PKFromSig(SIG_FORS[] sig_fors, byte[] message, byte[] pkSeed, Adrs adrs)
+ internal byte[] PKFromSig(SIG_FORS[] sig_fors, byte[] message, byte[] pkSeed, Adrs adrs)
{
- byte[][] node = new byte[2][];
byte[][] root = new byte[engine.K][];
uint t = engine.T;
- uint[] idxs = MessageToIdxs(message, engine.K, engine.A);
// compute roots
for (uint i = 0; i < engine.K; i++)
{
// get next index
- uint idx = idxs[i];
+ uint idx = GetMessageIdx(message, (int)i, engine.A);
+
// compute leaf
byte[] sk = sig_fors[i].SK;
adrs.SetTreeHeight(0);
adrs.SetTreeIndex(i * t + idx);
- node[0] = engine.F(pkSeed, adrs, sk);
+ byte[] node = engine.F(pkSeed, adrs, sk);
+
// compute root from leaf and AUTH
byte[][] authPath = sig_fors[i].AuthPath;
-
- adrs.SetTreeIndex(i * t + idx);
+ uint adrsTreeIndex = i * t + idx;
for (int j = 0; j < engine.A; j++)
{
adrs.SetTreeHeight((uint)j + 1);
- if (((idx / (1 << j)) % 2) == 0)
+ if (((idx >> j) % 2) == 0U)
{
- adrs.SetTreeIndex(adrs.GetTreeIndex() / 2);
- node[1] = engine.H(pkSeed, adrs, node[0], authPath[j]);
+ adrsTreeIndex = adrsTreeIndex / 2;
+ adrs.SetTreeIndex(adrsTreeIndex);
+ node = engine.H(pkSeed, adrs, node, authPath[j]);
}
else
{
- adrs.SetTreeIndex((adrs.GetTreeIndex() - 1) / 2);
- node[1] = engine.H(pkSeed, adrs, authPath[j], node[0]);
+ adrsTreeIndex = (adrsTreeIndex - 1) / 2;
+ adrs.SetTreeIndex(adrsTreeIndex);
+ node = engine.H(pkSeed, adrs, authPath[j], node);
}
-
- node[0] = node[1];
}
- root[i] = node[0];
+ root[i] = node;
}
Adrs forspkAdrs = new Adrs(adrs); // copy address to create FTS public key address
- forspkAdrs.SetType(Adrs.FORS_PK);
+ forspkAdrs.SetAdrsType(Adrs.FORS_PK);
forspkAdrs.SetKeyPairAddress(adrs.GetKeyPairAddress());
return engine.T_l(pkSeed, forspkAdrs, Arrays.ConcatenateAll(root));
}
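Review bot: PKFromSig writes tree height and index directly into the caller's `adrs` (`adrs.SetTreeHeight(0)`, `adrs.SetTreeIndex(i * t + idx)`), whereas Sign first takes a private copy with `new Adrs(paramAdrs)`; after verification the caller's address object is left holding the last leaf's tree index, which is easy to miss when the same Adrs is reused. Suggest matching Sign: rename the parameter to `paramAdrs` and start the method with `Adrs adrs = new Adrs(paramAdrs);`, then the `forspkAdrs` copy at the end can take its key-pair address from the same source.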
@@ -149,21 +147,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
* Assumes m contains at least SPX_FORS_HEIGHT * SPX_FORS_TREES bits.
* Assumes indices has space for SPX_FORS_TREES integers.
*/
- static uint[] MessageToIdxs(byte[] msg, int fors_trees, int fors_height)
+ private static uint GetMessageIdx(byte[] msg, int fors_tree, int fors_height)
{
- uint offset = 0;
- uint[] idxs = new uint[fors_trees];
- for (int i = 0; i < fors_trees; i++)
+ int offset = fors_tree * fors_height;
+ uint idx = 0;
+ for (int bit = 0; bit < fors_height; bit++)
{
- idxs[i] = 0;
- for (int j = 0; j < fors_height; j++)
- {
- idxs[i] ^= (uint) (((msg[offset >> 3] >> (int)(offset & 0x7)) & 0x1) << j);
- offset++;
- }
+ idx ^= (((uint)msg[offset >> 3] >> (offset & 0x7)) & 1U) << bit;
+ offset++;
}
-
- return idxs;
+ return idx;
}
}
-}
\ No newline at end of file
+}
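Review bot: The doc comment above GetMessageIdx still describes the removed array version, `Assumes indices has space for SPX_FORS_TREES integers.`, which no longer applies now that the method returns one index; its first lines are outside this hunk. Suggest replacing the stale sentence with `Returns the fors_height-bit index for tree fors_tree, taking bits least-significant first from msg; assumes msg holds at least fors_height * (fors_tree + 1) bits.` The snake_case parameter names `fors_tree` and `fors_height` also differ from the camelCase used elsewhere in this file.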
diff --git a/crypto/src/pqc/crypto/sphincsplus/HT.cs b/crypto/src/pqc/crypto/sphincsplus/HT.cs
index 2cd149f0d..59d0aeb1d 100644
--- a/crypto/src/pqc/crypto/sphincsplus/HT.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/HT.cs
@@ -9,12 +9,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
private byte[] skSeed;
private byte[] pkSeed;
- SPHINCSPlusEngine engine;
+ SphincsPlusEngine engine;
WotsPlus wots;
internal byte[] HTPubKey;
- public HT(SPHINCSPlusEngine engine, byte[] skSeed, byte[] pkSeed)
+ public HT(SphincsPlusEngine engine, byte[] skSeed, byte[] pkSeed)
{
this.skSeed = skSeed;
this.pkSeed = pkSeed;
@@ -87,16 +87,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
Adrs adrs = new Adrs(paramAdrs);
// compute WOTS+ pk from WOTS+ sig
- adrs.SetType(Adrs.WOTS_HASH);
+ adrs.SetAdrsType(Adrs.WOTS_HASH);
adrs.SetKeyPairAddress(idx);
- byte[] sig = sig_xmss.GetWOTSSig();
- byte[][] AUTH = sig_xmss.GetXMSSAUTH();
+ byte[] sig = sig_xmss.WotsSig;
+ byte[][] AUTH = sig_xmss.XmssAuth;
byte[] node0 = wots.PKFromSig(sig, M, pkSeed, adrs);
byte[] node1 = null;
// compute root from WOTS+ pk and AUTH
- adrs.SetType(Adrs.TREE);
+ adrs.SetAdrsType(Adrs.TREE);
adrs.SetTreeIndex(idx);
for (uint k = 0; k < engine.H_PRIME; k++)
{
@@ -127,7 +127,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
Adrs adrs = new Adrs(paramAdrs);
- adrs.SetType(Adrs.TREE);
+ adrs.SetAdrsType(Adrs.TREE);
adrs.SetLayerAddress(paramAdrs.GetLayerAddress());
adrs.SetTreeAddress(paramAdrs.GetTreeAddress());
@@ -140,7 +140,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
adrs = new Adrs(paramAdrs);
- adrs.SetType(Adrs.WOTS_PK);
+ adrs.SetAdrsType(Adrs.WOTS_PK);
adrs.SetKeyPairAddress(idx);
byte[] sig = wots.Sign(M, skSeed, pkSeed, adrs);
@@ -153,41 +153,41 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
// Output: n-byte root node - top node on Stack
byte[] TreeHash(byte[] skSeed, uint s, uint z, byte[] pkSeed, Adrs adrsParam)
{
- Adrs adrs = new Adrs(adrsParam);
-
- var stack = new List<NodeEntry>();
-
if (s % (1 << (int)z) != 0)
- {
return null;
- }
+
+ var stack = new Stack<NodeEntry>();
+ Adrs adrs = new Adrs(adrsParam);
for (uint idx = 0; idx < (1 << (int)z); idx++)
{
- adrs.SetType(Adrs.WOTS_HASH);
+ adrs.SetAdrsType(Adrs.WOTS_HASH);
adrs.SetKeyPairAddress(s + idx);
byte[] node = wots.PKGen(skSeed, pkSeed, adrs);
- adrs.SetType(Adrs.TREE);
+ adrs.SetAdrsType(Adrs.TREE);
adrs.SetTreeHeight(1);
adrs.SetTreeIndex(s + idx);
+ uint adrsTreeHeight = 1;
+ uint adrsTreeIndex = s + idx;
+
// while ( Top node on Stack has same height as node )
- while (stack.Count != 0
- && ((NodeEntry) stack[0]).nodeHeight == adrs.GetTreeHeight())
+ while (stack.Count > 0 && stack.Peek().nodeHeight == adrsTreeHeight)
{
- adrs.SetTreeIndex((adrs.GetTreeIndex() - 1) / 2);
- NodeEntry current = ((NodeEntry) stack[0]);
- stack.RemoveAt(0);
- node = engine.H(pkSeed, adrs, current.nodeValue, node);
+ adrsTreeIndex = (adrsTreeIndex - 1) / 2;
+ adrs.SetTreeIndex(adrsTreeIndex);
+
+ node = engine.H(pkSeed, adrs, stack.Pop().nodeValue, node);
+
//topmost node is now one layer higher
- adrs.SetTreeHeight(adrs.GetTreeHeight() + 1);
+ adrs.SetTreeHeight(++adrsTreeHeight);
}
- stack.Insert(0, new NodeEntry(node, adrs.GetTreeHeight()));
+ stack.Push(new NodeEntry(node, adrsTreeHeight));
}
- return ((NodeEntry) stack[0]).nodeValue;
+ return stack.Peek().nodeValue;
}
// # Input: Message M, signature SIG_HT, public seed PK.seed, tree index idx_tree,
@@ -215,4 +215,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return Arrays.AreEqual(PK_HT, node);
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs b/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs
index 61ea81c9f..6028ea2d9 100644
--- a/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/IndexedDigest.cs
@@ -1,6 +1,6 @@
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class IndexedDigest
+ internal class IndexedDigest
{
internal ulong idx_tree;
internal uint idx_leaf;
@@ -13,4 +13,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
this.digest = digest;
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs b/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs
index 62713f683..d3175349b 100644
--- a/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/NodeEntry.cs
@@ -1,9 +1,9 @@
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class NodeEntry
+ internal class NodeEntry
{
- internal byte[] nodeValue;
- internal uint nodeHeight;
+ internal readonly byte[] nodeValue;
+ internal readonly uint nodeHeight;
internal NodeEntry(byte[] nodeValue, uint nodeHeight)
{
@@ -11,4 +11,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
this.nodeHeight = nodeHeight;
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/PK.cs b/crypto/src/pqc/crypto/sphincsplus/PK.cs
index 8e97d9adb..3a5723de3 100644
--- a/crypto/src/pqc/crypto/sphincsplus/PK.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/PK.cs
@@ -1,6 +1,6 @@
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class PK
+ internal class PK
{
internal byte[] seed;
internal byte[] root;
@@ -11,4 +11,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
this.root = root;
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SIG.cs b/crypto/src/pqc/crypto/sphincsplus/SIG.cs
index ee6234985..2fc375fe6 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SIG.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SIG.cs
@@ -2,7 +2,7 @@ using System;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class SIG
+ internal class SIG
{
private byte[] r;
private SIG_FORS[] sig_fors;
@@ -49,16 +49,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
if (offset != signature.Length)
- {
throw new ArgumentException("signature wrong length");
- }
}
public byte[] R => r;
public SIG_FORS[] SIG_FORS => sig_fors;
-
public SIG_XMSS[] SIG_HT => sig_ht;
}
-}
\ No newline at end of file
+}
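Review bot: The `offset != signature.Length` check runs only after the signature has already been split into its parts, so a signature that is too short fails earlier, inside the copying code that precedes this hunk, with an index or array-copy exception rather than this ArgumentException. Computing the expected total length up front and comparing `signature.Length` against it before any copy gives malformed input a single, clearly named failure point and leaves this line as the only length error.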
diff --git a/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs b/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs
index 4760e9ca9..f052d4220 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SIG_FORS.cs
@@ -1,6 +1,6 @@
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class SIG_FORS
+ internal class SIG_FORS
{
internal byte[][] authPath;
internal byte[] sk;
@@ -15,4 +15,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
public byte[][] AuthPath => authPath;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs b/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs
index 6df86aac7..4a0a8001d 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SIG_XMSS.cs
@@ -1,24 +1,18 @@
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class SIG_XMSS
+ internal class SIG_XMSS
{
internal byte[] sig;
internal byte[][] auth;
- public SIG_XMSS(byte[] sig, byte[][] auth)
+ internal SIG_XMSS(byte[] sig, byte[][] auth)
{
this.sig = sig;
this.auth = auth;
}
- public byte[] GetWOTSSig()
- {
- return sig;
- }
+ internal byte[] WotsSig => sig;
- public byte[][] GetXMSSAUTH()
- {
- return auth;
- }
+ internal byte[][] XmssAuth => auth;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SK.cs b/crypto/src/pqc/crypto/sphincsplus/SK.cs
index 5fb3d0839..86eefa110 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SK.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SK.cs
@@ -1,6 +1,6 @@
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class SK
+ internal class SK
{
internal byte[] seed;
internal byte[] prf;
@@ -11,4 +11,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
this.prf = prf;
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
index c9176ecaa..f7617f3c1 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
@@ -10,7 +10,7 @@ using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- internal abstract class SPHINCSPlusEngine
+ internal abstract class SphincsPlusEngine
{
bool robust;
@@ -30,7 +30,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
internal uint T; // T = 1 << A
- public SPHINCSPlusEngine(bool robust, int n, uint w, uint d, int a, int k, uint h)
+ public SphincsPlusEngine(bool robust, int n, uint w, uint d, int a, int k, uint h)
{
this.N = n;
@@ -100,12 +100,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
public abstract byte[] T_l(byte[] pkSeed, Adrs adrs, byte[] m);
- public abstract byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs);
+ public abstract void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff);
public abstract byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message);
internal class Sha2Engine
- : SPHINCSPlusEngine
+ : SphincsPlusEngine
{
private HMac treeHMac;
private Mgf1BytesGenerator mgf1;
@@ -207,33 +207,25 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
uint treeBits = FH - leafBits;
uint leafBytes = (leafBits + 7) / 8;
uint treeBytes = (treeBits + 7) / 8;
- uint m = (uint)forsMsgBytes + leafBytes + treeBytes;
- byte[] output = new byte[m];
- byte[] dig = new byte[msgDigest.GetDigestSize()];
+ uint m = (uint)forsMsgBytes + treeBytes + leafBytes;
+ byte[] dig = new byte[msgDigest.GetDigestSize()];
msgDigest.BlockUpdate(prf, 0, prf.Length);
msgDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
msgDigest.BlockUpdate(pkRoot, 0, pkRoot.Length);
msgDigest.BlockUpdate(message, 0, message.Length);
msgDigest.DoFinal(dig, 0);
-
+ byte[] output = new byte[m];
output = Bitmask(Arrays.ConcatenateAll(prf, pkSeed, dig), output);
// tree index
// currently, only indexes up to 64 bits are supported
- byte[] treeIndexBuf = new byte[8];
- Array.Copy(output, forsMsgBytes, treeIndexBuf, 8 - treeBytes, treeBytes);
- ulong treeIndex = Pack.BE_To_UInt64(treeIndexBuf, 0);
- if (64 - treeBits != 0)
- treeIndex &= (ulong)((0x7fffffffffffffffL) >> (int)(64 - treeBits - 1));
+ ulong treeIndex = Pack.BE_To_UInt64_Partial(output, forsMsgBytes, (int)treeBytes)
+ & ulong.MaxValue >> (64 - (int)treeBits);
- byte[] leafIndexBuf = new byte[4];
- Array.Copy(output, forsMsgBytes + treeBytes, leafIndexBuf, 4 - leafBytes, leafBytes);
-
- uint leafIndex = Pack.BE_To_UInt32(leafIndexBuf, 0);
- if (32 - leafBits != 0)
- leafIndex &= (uint)((0x7fffffff) >> (int)(32 - leafBits - 1));//todo???
+ uint leafIndex = Pack.BE_To_UInt32_Partial(output, forsMsgBytes + (int)treeBytes, (int)leafBytes)
+ & uint.MaxValue >> (32 - (int)leafBits);
return new IndexedDigest(treeIndex, leafIndex, Arrays.CopyOfRange(output, 0, forsMsgBytes));
}
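Review bot: The new mask expressions `ulong.MaxValue >> (64 - (int)treeBits)` and `uint.MaxValue >> (32 - (int)leafBits)` are only correct for 1 ≤ treeBits ≤ 64 and 1 ≤ leafBits ≤ 32: C# masks the shift count, so a zero bit width makes the shift a no-op and the mask all ones instead of zero, and the `_Partial` readers are only Debug-asserted for `len >= 1`. The same expressions recur in the Shake256Engine and HarakaSEngine DigestPRF hunks. Presumably every supported parameter set yields non-zero widths; a comment at this first use, `// treeBits and leafBits are >= 1 for all supported parameter sets; a zero width would turn the shift into a no-op`, records that. `output` is also allocated with `new byte[m]` and then immediately replaced by Bitmask's return value; if Bitmask fills the passed buffer and returns it this is harmless, otherwise the allocation is wasted, which is worth checking since Bitmask is outside the hunk.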
@@ -256,7 +248,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return Arrays.CopyOfRange(msgDigestBuf, 0, N);
}
- public override byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs)
+ public override void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff)
{
int n = skSeed.Length;
@@ -268,7 +260,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
sha256.BlockUpdate(skSeed, 0, skSeed.Length);
sha256.DoFinal(sha256Buf, 0);
- return Arrays.CopyOfRange(sha256Buf, 0, n);
+ Array.Copy(sha256Buf, 0, prf, prfOff, n);
}
public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message)
@@ -350,7 +342,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
internal class Shake256Engine
- : SPHINCSPlusEngine
+ : SphincsPlusEngine
{
private IXof treeDigest;
private IXof maskDigest;
@@ -415,31 +407,22 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
uint treeBits = FH - leafBits;
uint leafBytes = (leafBits + 7) / 8;
uint treeBytes = (treeBits + 7) / 8;
- uint m = (uint)(forsMsgBytes + leafBytes + treeBytes);
+ uint m = (uint)(forsMsgBytes + treeBytes + leafBytes);
byte[] output = new byte[m];
-
treeDigest.BlockUpdate(R, 0, R.Length);
treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
treeDigest.BlockUpdate(pkRoot, 0, pkRoot.Length);
treeDigest.BlockUpdate(message, 0, message.Length);
-
treeDigest.DoFinal(output, 0, output.Length);
// tree index
// currently, only indexes up to 64 bits are supported
- byte[] treeIndexBuf = new byte[8];
- Array.Copy(output, forsMsgBytes, treeIndexBuf, 8 - treeBytes, treeBytes);
- ulong treeIndex = Pack.BE_To_UInt64(treeIndexBuf, 0);
- if (64 - treeBits != 0)
- treeIndex &= (ulong)((0x7fffffffffffffffL) >> (64 - (int)treeBits - 1));
-
- byte[] leafIndexBuf = new byte[4];
- Array.Copy(output, forsMsgBytes + treeBytes, leafIndexBuf, 4 - leafBytes, leafBytes);
+ ulong treeIndex = Pack.BE_To_UInt64_Partial(output, forsMsgBytes, (int)treeBytes)
+ & ulong.MaxValue >> (64 - (int)treeBits);
- uint leafIndex = Pack.BE_To_UInt32(leafIndexBuf, 0);
- if (32 - leafBits != 0)
- leafIndex &= (uint)((0x7fffffff) >> (32 - (int)leafBits - 1));
+ uint leafIndex = Pack.BE_To_UInt32_Partial(output, forsMsgBytes + (int)treeBytes, (int)leafBytes)
+ & uint.MaxValue >> (32 - (int)leafBits);
return new IndexedDigest(treeIndex, leafIndex, Arrays.CopyOfRange(output, 0, forsMsgBytes));
}
@@ -462,15 +445,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return rv;
}
- public override byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs)
+ public override void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff)
{
treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
treeDigest.BlockUpdate(skSeed, 0, skSeed.Length);
-
- byte[] prf = new byte[N];
- treeDigest.DoFinal(prf, 0, N);
- return prf;
+ treeDigest.DoFinal(prf, prfOff, N);
}
public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message)
@@ -499,6 +479,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return mask;
}
+
protected byte[] Bitmask(byte[] pkSeed, Adrs adrs, byte[] m1, byte[] m2)
{
byte[] mask = new byte[m1.Length + m2.Length];
@@ -523,13 +504,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
internal class HarakaSEngine
- : SPHINCSPlusEngine
+ : SphincsPlusEngine
{
public HarakaSXof harakaSXof;
public HarakaS256Digest harakaS256Digest;
public HarakaS512Digest harakaS512Digest;
- public HarakaSEngine(bool robust, int n, uint w, uint d, int a, int k, uint h) : base(robust, n, w, d, a, k, h)
+ public HarakaSEngine(bool robust, int n, uint w, uint d, int a, int k, uint h)
+ : base(robust, n, w, d, a, k, h)
{
}
@@ -561,7 +543,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
// NOTE The digest implementation implicitly pads the input with zeros up to 64 length
harakaS512Digest.DoFinal(hash, 0);
- return Arrays.CopyOfRange(hash, 0, N);
+ return N == 32 ? hash : Arrays.CopyOfRange(hash, 0, N);
}
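Review bot: `return N == 32 ? hash : Arrays.CopyOfRange(hash, 0, N);` hands the `hash` buffer itself to the caller when N is 32, and the declaration of `hash` is outside this hunk: if it is a per-call local this is fine, but if it is a field reused across calls the returned node aliases the engine's scratch buffer and the next call overwrites values callers keep (Fors and HT TreeHash push the returned node onto a stack). Once confirmed, a comment makes the invariant visible, `// hash is a fresh array per call, so returning it without a copy when N == 32 is safe`; otherwise keep the copy.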
public override byte[] H(byte[] pkSeed, Adrs adrs, byte[] m1, byte[] m2)
@@ -582,34 +564,26 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
int forsMsgBytes = ((A * K) + 7) >> 3;
uint leafBits = FH / D;
uint treeBits = FH - leafBits;
- uint leafBytes = (leafBits + 7) >>3;
- uint treeBytes = (treeBits + 7) >>3;
- uint m = (uint)(forsMsgBytes + leafBytes + treeBytes);
- byte[] output = new byte[forsMsgBytes + leafBytes + treeBytes];
+ uint leafBytes = (leafBits + 7) >> 3;
+ uint treeBytes = (treeBits + 7) >> 3;
+
+ byte[] output = new byte[forsMsgBytes + treeBytes + leafBytes];
harakaSXof.BlockUpdate(prf, 0, prf.Length);
harakaSXof.BlockUpdate(pkRoot, 0, pkRoot.Length);
harakaSXof.BlockUpdate(message, 0, message.Length);
harakaSXof.DoFinal(output, 0, output.Length);
+
// tree index
// currently, only indexes up to 64 bits are supported
- byte[] treeIndexBuf = new byte[8];
- Array.Copy(output, forsMsgBytes, treeIndexBuf, 8 - treeBytes, treeBytes);
- ulong treeIndex = Pack.BE_To_UInt64(treeIndexBuf, 0);
- if (64 - treeBits != 0)
- treeIndex &= (ulong)((0x7fffffffffffffffL) >> (64 - (int)treeBits - 1));
-
- byte[] leafIndexBuf = new byte[4];
- Array.Copy(output, forsMsgBytes + treeBytes, leafIndexBuf, 4 - leafBytes, leafBytes);
+ ulong treeIndex = Pack.BE_To_UInt64_Partial(output, forsMsgBytes, (int)treeBytes)
+ & ulong.MaxValue >> (64 - (int)treeBits);
- uint leafIndex = Pack.BE_To_UInt32(leafIndexBuf, 0);
- if (32 - leafBits != 0)
- leafIndex &= (uint)((0x7fffffff) >> (32 - (int)leafBits - 1));
+ uint leafIndex = Pack.BE_To_UInt32_Partial(output, forsMsgBytes + (int)treeBytes, (int)leafBytes)
+ & uint.MaxValue >> (32 - (int)leafBits);
return new IndexedDigest(treeIndex, leafIndex, Arrays.CopyOfRange(output, 0, forsMsgBytes));
}
-
-
public override byte[] T_l(byte[] pkSeed, Adrs adrs, byte[] m)
{
byte[] rv = new byte[N];
@@ -620,13 +594,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return rv;
}
- public override byte[] PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs)
+ public override void PRF(byte[] pkSeed, byte[] skSeed, Adrs adrs, byte[] prf, int prfOff)
{
- byte[] rv = new byte[64];
+ byte[] rv = new byte[32];
harakaS512Digest.BlockUpdate(adrs.value, 0, adrs.value.Length);
harakaS512Digest.BlockUpdate(skSeed, 0, skSeed.Length);
harakaS512Digest.DoFinal(rv, 0);
- return Arrays.CopyOfRange(rv, 0, N);
+ Array.Copy(rv, 0, prf, prfOff, N);
}
public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message)
@@ -650,10 +624,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
m[i] ^= mask[i];
}
- return m;
}
return m;
}
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs
index 2239d1162..12339ddc6 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyGenerationParameters.cs
@@ -3,17 +3,17 @@ using Org.BouncyCastle.Security;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- public class SPHINCSPlusKeyGenerationParameters
+ public sealed class SphincsPlusKeyGenerationParameters
: KeyGenerationParameters
{
- private SPHINCSPlusParameters parameters;
+ private readonly SphincsPlusParameters m_parameters;
- public SPHINCSPlusKeyGenerationParameters(SecureRandom random, SPHINCSPlusParameters parameters)
+ public SphincsPlusKeyGenerationParameters(SecureRandom random, SphincsPlusParameters parameters)
: base(random, 256)
{
- this.parameters = parameters;
+ m_parameters = parameters;
}
- internal SPHINCSPlusParameters Parameters => parameters;
+ public SphincsPlusParameters Parameters => m_parameters;
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs
index 0eaf9557a..ed96b70e5 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyPairGenerator.cs
@@ -1,30 +1,30 @@
using System;
+
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;
-using static Org.BouncyCastle.Pqc.Crypto.SphincsPlus.SPHINCSPlusEngine;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- public class SPHINCSPlusKeyPairGenerator
+ public sealed class SphincsPlusKeyPairGenerator
: IAsymmetricCipherKeyPairGenerator
{
private SecureRandom random;
- private SPHINCSPlusParameters parameters;
+ private SphincsPlusParameters parameters;
public void Init(KeyGenerationParameters param)
{
random = param.Random;
- parameters = ((SPHINCSPlusKeyGenerationParameters)param).Parameters;
+ parameters = ((SphincsPlusKeyGenerationParameters)param).Parameters;
}
public AsymmetricCipherKeyPair GenerateKeyPair()
{
- SPHINCSPlusEngine engine = parameters.GetEngine();
+ SphincsPlusEngine engine = parameters.GetEngine();
byte[] pkSeed;
SK sk;
- if (engine is SPHINCSPlusEngine.HarakaSEngine)
+ if (engine is SphincsPlusEngine.HarakaSEngine)
{
// required to pass kat tests
byte[] tmparray = SecRand(engine.N * 3);
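Review bot: Init casts `param` unconditionally, `((SphincsPlusKeyGenerationParameters)param).Parameters`, so a caller passing the wrong parameter type gets an InvalidCastException instead of an ArgumentException naming the argument. A guarded cast, `if (!(param is SphincsPlusKeyGenerationParameters sphincsParams)) throw new ArgumentException("expected " + nameof(SphincsPlusKeyGenerationParameters), nameof(param));`, followed by `parameters = sphincsParams.Parameters;`, keeps the failure at the public boundary. GenerateKeyPair continues past the end of this hunk.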
@@ -45,8 +45,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
// TODO
PK pk = new PK(pkSeed, new HT(engine, sk.seed, pkSeed).HTPubKey);
- return new AsymmetricCipherKeyPair(new SPHINCSPlusPublicKeyParameters(parameters, pk),
- new SPHINCSPlusPrivateKeyParameters(parameters, sk, pk));
+ return new AsymmetricCipherKeyPair(new SphincsPlusPublicKeyParameters(parameters, pk),
+ new SphincsPlusPrivateKeyParameters(parameters, sk, pk));
}
private byte[] SecRand(int n)
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs
index 8a8edf653..82220f9db 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusKeyParameters.cs
@@ -2,20 +2,17 @@ using Org.BouncyCastle.Crypto;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- public class SPHINCSPlusKeyParameters
+ public abstract class SphincsPlusKeyParameters
: AsymmetricKeyParameter
{
- SPHINCSPlusParameters parameters;
+ protected readonly SphincsPlusParameters m_parameters;
- protected SPHINCSPlusKeyParameters(bool isPrivate, SPHINCSPlusParameters parameters)
+ protected SphincsPlusKeyParameters(bool isPrivate, SphincsPlusParameters parameters)
: base(isPrivate)
{
- this.parameters = parameters;
+ m_parameters = parameters;
}
- public SPHINCSPlusParameters GetParameters()
- {
- return parameters;
- }
+ public SphincsPlusParameters Parameters => m_parameters;
}
-}
\ No newline at end of file
+}
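Review bot: The base constructor stores `parameters` without a null check, so a null argument is only caught later as a NullReferenceException when a derived constructor reads `parameters.N`, which hides the real cause from the caller. Since the field is now `readonly` and exposed through the public `Parameters` property, a guard at the single assignment point is cheap: `m_parameters = parameters ?? throw new ArgumentNullException(nameof(parameters));`. That requires `using System;` in this file, which the visible header does not show.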
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs
index 9714ed847..97a9fe71a 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusParameters.cs
@@ -1,114 +1,111 @@
-using System;
using System.Collections.Generic;
+
using Org.BouncyCastle.Crypto.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- interface ISPHINCSPlusEngineProvider
+ internal interface ISphincsPlusEngineProvider
{
- int N
- {
- get;
- }
+ int N { get; }
- SPHINCSPlusEngine Get();
+ SphincsPlusEngine Get();
}
- public class SPHINCSPlusParameters
+ public sealed class SphincsPlusParameters
{
- public static SPHINCSPlusParameters sha2_128f = new SPHINCSPlusParameters("sha2-128f-robust",
+ public static SphincsPlusParameters sha2_128f = new SphincsPlusParameters("sha2-128f-robust",
new Sha2EngineProvider(true, 16, 16, 22, 6, 33, 66));
- public static SPHINCSPlusParameters sha2_128s = new SPHINCSPlusParameters("sha2-128s-robust",
+ public static SphincsPlusParameters sha2_128s = new SphincsPlusParameters("sha2-128s-robust",
new Sha2EngineProvider(true, 16, 16, 7, 12, 14, 63));
- public static SPHINCSPlusParameters sha2_192f = new SPHINCSPlusParameters("sha2-192f-robust",
+ public static SphincsPlusParameters sha2_192f = new SphincsPlusParameters("sha2-192f-robust",
new Sha2EngineProvider(true, 24, 16, 22, 8, 33, 66));
- public static SPHINCSPlusParameters sha2_192s = new SPHINCSPlusParameters("sha2-192s-robust",
+ public static SphincsPlusParameters sha2_192s = new SphincsPlusParameters("sha2-192s-robust",
new Sha2EngineProvider(true, 24, 16, 7, 14, 17, 63));
- public static SPHINCSPlusParameters sha2_256f = new SPHINCSPlusParameters("sha2-256f-robust",
+ public static SphincsPlusParameters sha2_256f = new SphincsPlusParameters("sha2-256f-robust",
new Sha2EngineProvider(true, 32, 16, 17, 9, 35, 68));
- public static SPHINCSPlusParameters sha2_256s = new SPHINCSPlusParameters("sha2-256s-robust",
+ public static SphincsPlusParameters sha2_256s = new SphincsPlusParameters("sha2-256s-robust",
new Sha2EngineProvider(true, 32, 16, 8, 14, 22, 64));
- public static SPHINCSPlusParameters sha2_128f_simple = new SPHINCSPlusParameters("sha2-128f-simple",
+ public static SphincsPlusParameters sha2_128f_simple = new SphincsPlusParameters("sha2-128f-simple",
new Sha2EngineProvider(false, 16, 16, 22, 6, 33, 66));
- public static SPHINCSPlusParameters sha2_128s_simple = new SPHINCSPlusParameters("sha2-128s-simple",
+ public static SphincsPlusParameters sha2_128s_simple = new SphincsPlusParameters("sha2-128s-simple",
new Sha2EngineProvider(false, 16, 16, 7, 12, 14, 63));
- public static SPHINCSPlusParameters sha2_192f_simple = new SPHINCSPlusParameters("sha2-192f-simple",
+ public static SphincsPlusParameters sha2_192f_simple = new SphincsPlusParameters("sha2-192f-simple",
new Sha2EngineProvider(false, 24, 16, 22, 8, 33, 66));
- public static SPHINCSPlusParameters sha2_192s_simple = new SPHINCSPlusParameters("sha2-192s-simple",
+ public static SphincsPlusParameters sha2_192s_simple = new SphincsPlusParameters("sha2-192s-simple",
new Sha2EngineProvider(false, 24, 16, 7, 14, 17, 63));
- public static SPHINCSPlusParameters sha2_256f_simple = new SPHINCSPlusParameters("sha2-256f-simple",
+ public static SphincsPlusParameters sha2_256f_simple = new SphincsPlusParameters("sha2-256f-simple",
new Sha2EngineProvider(false, 32, 16, 17, 9, 35, 68));
- public static SPHINCSPlusParameters sha2_256s_simple = new SPHINCSPlusParameters("sha2-256s-simple",
+ public static SphincsPlusParameters sha2_256s_simple = new SphincsPlusParameters("sha2-256s-simple",
new Sha2EngineProvider(false, 32, 16, 8, 14, 22, 64));
// SHAKE-256.
- public static SPHINCSPlusParameters shake_128f = new SPHINCSPlusParameters("shake-128f-robust",
+ public static SphincsPlusParameters shake_128f = new SphincsPlusParameters("shake-128f-robust",
new Shake256EngineProvider(true, 16, 16, 22, 6, 33, 66));
- public static SPHINCSPlusParameters shake_128s = new SPHINCSPlusParameters("shake-128s-robust",
+ public static SphincsPlusParameters shake_128s = new SphincsPlusParameters("shake-128s-robust",
new Shake256EngineProvider(true, 16, 16, 7, 12, 14, 63));
- public static SPHINCSPlusParameters shake_192f = new SPHINCSPlusParameters("shake-192f-robust",
+ public static SphincsPlusParameters shake_192f = new SphincsPlusParameters("shake-192f-robust",
new Shake256EngineProvider(true, 24, 16, 22, 8, 33, 66));
- public static SPHINCSPlusParameters shake_192s = new SPHINCSPlusParameters("shake-192s-robust",
+ public static SphincsPlusParameters shake_192s = new SphincsPlusParameters("shake-192s-robust",
new Shake256EngineProvider(true, 24, 16, 7, 14, 17, 63));
- public static SPHINCSPlusParameters shake_256f = new SPHINCSPlusParameters("shake-256f-robust",
+ public static SphincsPlusParameters shake_256f = new SphincsPlusParameters("shake-256f-robust",
new Shake256EngineProvider(true, 32, 16, 17, 9, 35, 68));
- public static SPHINCSPlusParameters shake_256s = new SPHINCSPlusParameters("shake-256s-robust",
+ public static SphincsPlusParameters shake_256s = new SphincsPlusParameters("shake-256s-robust",
new Shake256EngineProvider(true, 32, 16, 8, 14, 22, 64));
- public static SPHINCSPlusParameters shake_128f_simple = new SPHINCSPlusParameters("shake-128f-simple",
+ public static SphincsPlusParameters shake_128f_simple = new SphincsPlusParameters("shake-128f-simple",
new Shake256EngineProvider(false, 16, 16, 22, 6, 33, 66));
- public static SPHINCSPlusParameters shake_128s_simple = new SPHINCSPlusParameters("shake-128s-simple",
+ public static SphincsPlusParameters shake_128s_simple = new SphincsPlusParameters("shake-128s-simple",
new Shake256EngineProvider(false, 16, 16, 7, 12, 14, 63));
- public static SPHINCSPlusParameters shake_192f_simple = new SPHINCSPlusParameters("shake-192f-simple",
+ public static SphincsPlusParameters shake_192f_simple = new SphincsPlusParameters("shake-192f-simple",
new Shake256EngineProvider(false, 24, 16, 22, 8, 33, 66));
- public static SPHINCSPlusParameters shake_192s_simple = new SPHINCSPlusParameters("shake-192s-simple",
+ public static SphincsPlusParameters shake_192s_simple = new SphincsPlusParameters("shake-192s-simple",
new Shake256EngineProvider(false, 24, 16, 7, 14, 17, 63));
- public static SPHINCSPlusParameters shake_256f_simple = new SPHINCSPlusParameters("shake-256f-simple",
+ public static SphincsPlusParameters shake_256f_simple = new SphincsPlusParameters("shake-256f-simple",
new Shake256EngineProvider(false, 32, 16, 17, 9, 35, 68));
- public static SPHINCSPlusParameters shake_256s_simple = new SPHINCSPlusParameters("shake-256s-simple",
+ public static SphincsPlusParameters shake_256s_simple = new SphincsPlusParameters("shake-256s-simple",
new Shake256EngineProvider(false, 32, 16, 8, 14, 22, 64));
// Haraka.
- public static SPHINCSPlusParameters haraka_128f = new SPHINCSPlusParameters("haraka-128f-robust", new Haraka256EngineProvider(true, 16, 16, 22, 6, 33, 66));
- public static SPHINCSPlusParameters haraka_128s = new SPHINCSPlusParameters("haraka-128s-robust", new Haraka256EngineProvider(true, 16, 16, 7, 12, 14, 63));
+ public static SphincsPlusParameters haraka_128f = new SphincsPlusParameters("haraka-128f-robust", new Haraka256EngineProvider(true, 16, 16, 22, 6, 33, 66));
+ public static SphincsPlusParameters haraka_128s = new SphincsPlusParameters("haraka-128s-robust", new Haraka256EngineProvider(true, 16, 16, 7, 12, 14, 63));
- public static SPHINCSPlusParameters haraka_256f = new SPHINCSPlusParameters("haraka-256f-robust", new Haraka256EngineProvider(true, 32, 16, 17, 9, 35, 68));
- public static SPHINCSPlusParameters haraka_256s = new SPHINCSPlusParameters("haraka-256s-robust", new Haraka256EngineProvider(true, 32, 16, 8, 14, 22, 64));
+ public static SphincsPlusParameters haraka_256f = new SphincsPlusParameters("haraka-256f-robust", new Haraka256EngineProvider(true, 32, 16, 17, 9, 35, 68));
+ public static SphincsPlusParameters haraka_256s = new SphincsPlusParameters("haraka-256s-robust", new Haraka256EngineProvider(true, 32, 16, 8, 14, 22, 64));
- public static SPHINCSPlusParameters haraka_192f = new SPHINCSPlusParameters("haraka-192f-robust", new Haraka256EngineProvider(true, 24, 16, 22, 8, 33, 66));
- public static SPHINCSPlusParameters haraka_192s = new SPHINCSPlusParameters("haraka-192s-robust", new Haraka256EngineProvider(true, 24, 16, 7, 14, 17, 63));
+ public static SphincsPlusParameters haraka_192f = new SphincsPlusParameters("haraka-192f-robust", new Haraka256EngineProvider(true, 24, 16, 22, 8, 33, 66));
+ public static SphincsPlusParameters haraka_192s = new SphincsPlusParameters("haraka-192s-robust", new Haraka256EngineProvider(true, 24, 16, 7, 14, 17, 63));
- public static SPHINCSPlusParameters haraka_128f_simple = new SPHINCSPlusParameters("haraka-128f-simple", new Haraka256EngineProvider(false, 16, 16, 22, 6, 33, 66));
- public static SPHINCSPlusParameters haraka_128s_simple = new SPHINCSPlusParameters("haraka-128s-simple", new Haraka256EngineProvider(false, 16, 16, 7, 12, 14, 63));
+ public static SphincsPlusParameters haraka_128f_simple = new SphincsPlusParameters("haraka-128f-simple", new Haraka256EngineProvider(false, 16, 16, 22, 6, 33, 66));
+ public static SphincsPlusParameters haraka_128s_simple = new SphincsPlusParameters("haraka-128s-simple", new Haraka256EngineProvider(false, 16, 16, 7, 12, 14, 63));
- public static SPHINCSPlusParameters haraka_192f_simple = new SPHINCSPlusParameters("haraka-192f-simple", new Haraka256EngineProvider(false, 24, 16, 22, 8, 33, 66));
- public static SPHINCSPlusParameters haraka_192s_simple = new SPHINCSPlusParameters("haraka-192s-simple", new Haraka256EngineProvider(false, 24, 16, 7, 14, 17, 63));
+ public static SphincsPlusParameters haraka_192f_simple = new SphincsPlusParameters("haraka-192f-simple", new Haraka256EngineProvider(false, 24, 16, 22, 8, 33, 66));
+ public static SphincsPlusParameters haraka_192s_simple = new SphincsPlusParameters("haraka-192s-simple", new Haraka256EngineProvider(false, 24, 16, 7, 14, 17, 63));
- public static SPHINCSPlusParameters haraka_256f_simple = new SPHINCSPlusParameters("haraka-256f-simple", new Haraka256EngineProvider(false, 32, 16, 17, 9, 35, 68));
- public static SPHINCSPlusParameters haraka_256s_simple = new SPHINCSPlusParameters("haraka-256s-simple", new Haraka256EngineProvider(false, 32, 16, 8, 14, 22, 64));
+ public static SphincsPlusParameters haraka_256f_simple = new SphincsPlusParameters("haraka-256f-simple", new Haraka256EngineProvider(false, 32, 16, 17, 9, 35, 68));
+ public static SphincsPlusParameters haraka_256s_simple = new SphincsPlusParameters("haraka-256s-simple", new Haraka256EngineProvider(false, 32, 16, 8, 14, 22, 64));
private static uint sphincsPlus_sha2_128f_robust = 0x010101;
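Review bot: The parameter-set singletons (`sha2_128f` through `haraka_256s_simple`) are `public static` fields without `readonly`, so any caller can reassign them, e.g. `SphincsPlusParameters.sha2_128f = SphincsPlusParameters.sha2_128s;`, and every later user of that field silently gets a different parameter set while `paramsToOid` (keyed by reference) still maps the original instances. Declaring them `public static readonly SphincsPlusParameters sha2_128f = ...;` keeps the API unchanged for readers and closes that off; the class is now `sealed` with a private constructor, so the only remaining way to corrupt the OID tables would be exactly this reassignment. The same applies to the `private static uint sphincsPlus_*` OID constants that follow, which could simply be `const`.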
@@ -154,112 +151,112 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
private static uint sphincsPlus_haraka_256s_simple = 0x030206;
- private static Dictionary<uint, SPHINCSPlusParameters> oidToParams = new Dictionary<uint, SPHINCSPlusParameters>();
- private static Dictionary<SPHINCSPlusParameters, uint> paramsToOid = new Dictionary<SPHINCSPlusParameters, uint>();
+ private static Dictionary<uint, SphincsPlusParameters> oidToParams = new Dictionary<uint, SphincsPlusParameters>();
+ private static Dictionary<SphincsPlusParameters, uint> paramsToOid = new Dictionary<SphincsPlusParameters, uint>();
- static SPHINCSPlusParameters()
+ static SphincsPlusParameters()
{
- oidToParams[sphincsPlus_sha2_128f_robust] = SPHINCSPlusParameters.sha2_128f;
- oidToParams[sphincsPlus_sha2_128s_robust] = SPHINCSPlusParameters.sha2_128s;
- oidToParams[sphincsPlus_sha2_192f_robust] = SPHINCSPlusParameters.sha2_192f;
- oidToParams[sphincsPlus_sha2_192s_robust] = SPHINCSPlusParameters.sha2_192s;
- oidToParams[sphincsPlus_sha2_256f_robust] = SPHINCSPlusParameters.sha2_256f;
- oidToParams[sphincsPlus_sha2_256s_robust] = SPHINCSPlusParameters.sha2_256s;
-
- oidToParams[sphincsPlus_sha2_128f_simple] = SPHINCSPlusParameters.sha2_128f_simple;
- oidToParams[sphincsPlus_sha2_128s_simple] = SPHINCSPlusParameters.sha2_128s_simple;
- oidToParams[sphincsPlus_sha2_192f_simple] = SPHINCSPlusParameters.sha2_192f_simple;
- oidToParams[sphincsPlus_sha2_192s_simple] = SPHINCSPlusParameters.sha2_192s_simple;
- oidToParams[sphincsPlus_sha2_256f_simple] = SPHINCSPlusParameters.sha2_256f_simple;
- oidToParams[sphincsPlus_sha2_256s_simple] = SPHINCSPlusParameters.sha2_256s_simple;
-
- oidToParams[sphincsPlus_shake_128f_robust] = SPHINCSPlusParameters.shake_128f;
- oidToParams[sphincsPlus_shake_128s_robust] = SPHINCSPlusParameters.shake_128s;
- oidToParams[sphincsPlus_shake_192f_robust] = SPHINCSPlusParameters.shake_192f;
- oidToParams[sphincsPlus_shake_192s_robust] = SPHINCSPlusParameters.shake_192s;
- oidToParams[sphincsPlus_shake_256f_robust] = SPHINCSPlusParameters.shake_256f;
- oidToParams[sphincsPlus_shake_256s_robust] = SPHINCSPlusParameters.shake_256s;
-
- oidToParams[sphincsPlus_shake_128f_simple] = SPHINCSPlusParameters.shake_128f_simple;
- oidToParams[sphincsPlus_shake_128s_simple] = SPHINCSPlusParameters.shake_128s_simple;
- oidToParams[sphincsPlus_shake_192f_simple] = SPHINCSPlusParameters.shake_192f_simple;
- oidToParams[sphincsPlus_shake_192s_simple] = SPHINCSPlusParameters.shake_192s_simple;
- oidToParams[sphincsPlus_shake_256f_simple] = SPHINCSPlusParameters.shake_256f_simple;
- oidToParams[sphincsPlus_shake_256s_simple] = SPHINCSPlusParameters.shake_256s_simple;
-
- oidToParams[sphincsPlus_haraka_128f_simple] = SPHINCSPlusParameters.haraka_128f_simple;
- oidToParams[sphincsPlus_haraka_128f_robust] = SPHINCSPlusParameters.haraka_128f;
- oidToParams[sphincsPlus_haraka_192f_simple] = SPHINCSPlusParameters.haraka_192f_simple;
- oidToParams[sphincsPlus_haraka_192f_robust] = SPHINCSPlusParameters.haraka_192f;
- oidToParams[sphincsPlus_haraka_256f_simple] = SPHINCSPlusParameters.haraka_256f_simple;
- oidToParams[sphincsPlus_haraka_256f_robust] = SPHINCSPlusParameters.haraka_256f;
-
- oidToParams[sphincsPlus_haraka_128s_simple] = SPHINCSPlusParameters.haraka_128s_simple;
- oidToParams[sphincsPlus_haraka_128s_robust] = SPHINCSPlusParameters.haraka_128s;
- oidToParams[sphincsPlus_haraka_192s_simple] = SPHINCSPlusParameters.haraka_192s_simple;
- oidToParams[sphincsPlus_haraka_192s_robust] = SPHINCSPlusParameters.haraka_192s;
- oidToParams[sphincsPlus_haraka_256s_simple] = SPHINCSPlusParameters.haraka_256s_simple;
- oidToParams[sphincsPlus_haraka_256s_robust] = SPHINCSPlusParameters.haraka_256s;
-
-
- paramsToOid[SPHINCSPlusParameters.sha2_128f] = sphincsPlus_sha2_128f_robust;
- paramsToOid[SPHINCSPlusParameters.sha2_128s] = sphincsPlus_sha2_128s_robust;
- paramsToOid[SPHINCSPlusParameters.sha2_192f] = sphincsPlus_sha2_192f_robust;
- paramsToOid[SPHINCSPlusParameters.sha2_192s] = sphincsPlus_sha2_192s_robust;
- paramsToOid[SPHINCSPlusParameters.sha2_256f] = sphincsPlus_sha2_256f_robust;
- paramsToOid[SPHINCSPlusParameters.sha2_256s] = sphincsPlus_sha2_256s_robust;
-
- paramsToOid[SPHINCSPlusParameters.sha2_128f_simple] = sphincsPlus_sha2_128f_simple;
- paramsToOid[SPHINCSPlusParameters.sha2_128s_simple] = sphincsPlus_sha2_128s_simple;
- paramsToOid[SPHINCSPlusParameters.sha2_192f_simple] = sphincsPlus_sha2_192f_simple;
- paramsToOid[SPHINCSPlusParameters.sha2_192s_simple] = sphincsPlus_sha2_192s_simple;
- paramsToOid[SPHINCSPlusParameters.sha2_256f_simple] = sphincsPlus_sha2_256f_simple;
- paramsToOid[SPHINCSPlusParameters.sha2_256s_simple] = sphincsPlus_sha2_256s_simple;
-
- paramsToOid[SPHINCSPlusParameters.shake_128f] = sphincsPlus_shake_128f_robust;
- paramsToOid[SPHINCSPlusParameters.shake_128s] = sphincsPlus_shake_128s_robust;
- paramsToOid[SPHINCSPlusParameters.shake_192f] = sphincsPlus_shake_192f_robust;
- paramsToOid[SPHINCSPlusParameters.shake_192s] = sphincsPlus_shake_192s_robust;
- paramsToOid[SPHINCSPlusParameters.shake_256f] = sphincsPlus_shake_256f_robust;
- paramsToOid[SPHINCSPlusParameters.shake_256s] = sphincsPlus_shake_256s_robust;
-
- paramsToOid[SPHINCSPlusParameters.shake_128f_simple] = sphincsPlus_shake_128f_simple;
- paramsToOid[SPHINCSPlusParameters.shake_128s_simple] = sphincsPlus_shake_128s_simple;
- paramsToOid[SPHINCSPlusParameters.shake_192f_simple] = sphincsPlus_shake_192f_simple;
- paramsToOid[SPHINCSPlusParameters.shake_192s_simple] = sphincsPlus_shake_192s_simple;
- paramsToOid[SPHINCSPlusParameters.shake_256f_simple] = sphincsPlus_shake_256f_simple;
- paramsToOid[SPHINCSPlusParameters.shake_256s_simple] = sphincsPlus_shake_256s_simple;
-
- paramsToOid[SPHINCSPlusParameters.haraka_128f_simple] = sphincsPlus_haraka_128f_simple;
- paramsToOid[SPHINCSPlusParameters.haraka_192f_simple] = sphincsPlus_haraka_192f_simple;
- paramsToOid[SPHINCSPlusParameters.haraka_256f_simple] = sphincsPlus_haraka_256f_simple;
- paramsToOid[SPHINCSPlusParameters.haraka_128s_simple] = sphincsPlus_haraka_128s_simple;
- paramsToOid[SPHINCSPlusParameters.haraka_192s_simple] = sphincsPlus_haraka_192s_simple;
- paramsToOid[SPHINCSPlusParameters.haraka_256s_simple] = sphincsPlus_haraka_256s_simple;
- paramsToOid[SPHINCSPlusParameters.haraka_128f] = sphincsPlus_haraka_128f_robust;
- paramsToOid[SPHINCSPlusParameters.haraka_192f] = sphincsPlus_haraka_192f_robust;
- paramsToOid[SPHINCSPlusParameters.haraka_256f] = sphincsPlus_haraka_256f_robust;
- paramsToOid[SPHINCSPlusParameters.haraka_128s] = sphincsPlus_haraka_128s_robust;
- paramsToOid[SPHINCSPlusParameters.haraka_192s] = sphincsPlus_haraka_192s_robust;
- paramsToOid[SPHINCSPlusParameters.haraka_256s] = sphincsPlus_haraka_256s_robust;
+ oidToParams[sphincsPlus_sha2_128f_robust] = SphincsPlusParameters.sha2_128f;
+ oidToParams[sphincsPlus_sha2_128s_robust] = SphincsPlusParameters.sha2_128s;
+ oidToParams[sphincsPlus_sha2_192f_robust] = SphincsPlusParameters.sha2_192f;
+ oidToParams[sphincsPlus_sha2_192s_robust] = SphincsPlusParameters.sha2_192s;
+ oidToParams[sphincsPlus_sha2_256f_robust] = SphincsPlusParameters.sha2_256f;
+ oidToParams[sphincsPlus_sha2_256s_robust] = SphincsPlusParameters.sha2_256s;
+
+ oidToParams[sphincsPlus_sha2_128f_simple] = SphincsPlusParameters.sha2_128f_simple;
+ oidToParams[sphincsPlus_sha2_128s_simple] = SphincsPlusParameters.sha2_128s_simple;
+ oidToParams[sphincsPlus_sha2_192f_simple] = SphincsPlusParameters.sha2_192f_simple;
+ oidToParams[sphincsPlus_sha2_192s_simple] = SphincsPlusParameters.sha2_192s_simple;
+ oidToParams[sphincsPlus_sha2_256f_simple] = SphincsPlusParameters.sha2_256f_simple;
+ oidToParams[sphincsPlus_sha2_256s_simple] = SphincsPlusParameters.sha2_256s_simple;
+
+ oidToParams[sphincsPlus_shake_128f_robust] = SphincsPlusParameters.shake_128f;
+ oidToParams[sphincsPlus_shake_128s_robust] = SphincsPlusParameters.shake_128s;
+ oidToParams[sphincsPlus_shake_192f_robust] = SphincsPlusParameters.shake_192f;
+ oidToParams[sphincsPlus_shake_192s_robust] = SphincsPlusParameters.shake_192s;
+ oidToParams[sphincsPlus_shake_256f_robust] = SphincsPlusParameters.shake_256f;
+ oidToParams[sphincsPlus_shake_256s_robust] = SphincsPlusParameters.shake_256s;
+
+ oidToParams[sphincsPlus_shake_128f_simple] = SphincsPlusParameters.shake_128f_simple;
+ oidToParams[sphincsPlus_shake_128s_simple] = SphincsPlusParameters.shake_128s_simple;
+ oidToParams[sphincsPlus_shake_192f_simple] = SphincsPlusParameters.shake_192f_simple;
+ oidToParams[sphincsPlus_shake_192s_simple] = SphincsPlusParameters.shake_192s_simple;
+ oidToParams[sphincsPlus_shake_256f_simple] = SphincsPlusParameters.shake_256f_simple;
+ oidToParams[sphincsPlus_shake_256s_simple] = SphincsPlusParameters.shake_256s_simple;
+
+ oidToParams[sphincsPlus_haraka_128f_simple] = SphincsPlusParameters.haraka_128f_simple;
+ oidToParams[sphincsPlus_haraka_128f_robust] = SphincsPlusParameters.haraka_128f;
+ oidToParams[sphincsPlus_haraka_192f_simple] = SphincsPlusParameters.haraka_192f_simple;
+ oidToParams[sphincsPlus_haraka_192f_robust] = SphincsPlusParameters.haraka_192f;
+ oidToParams[sphincsPlus_haraka_256f_simple] = SphincsPlusParameters.haraka_256f_simple;
+ oidToParams[sphincsPlus_haraka_256f_robust] = SphincsPlusParameters.haraka_256f;
+
+ oidToParams[sphincsPlus_haraka_128s_simple] = SphincsPlusParameters.haraka_128s_simple;
+ oidToParams[sphincsPlus_haraka_128s_robust] = SphincsPlusParameters.haraka_128s;
+ oidToParams[sphincsPlus_haraka_192s_simple] = SphincsPlusParameters.haraka_192s_simple;
+ oidToParams[sphincsPlus_haraka_192s_robust] = SphincsPlusParameters.haraka_192s;
+ oidToParams[sphincsPlus_haraka_256s_simple] = SphincsPlusParameters.haraka_256s_simple;
+ oidToParams[sphincsPlus_haraka_256s_robust] = SphincsPlusParameters.haraka_256s;
+
+
+ paramsToOid[SphincsPlusParameters.sha2_128f] = sphincsPlus_sha2_128f_robust;
+ paramsToOid[SphincsPlusParameters.sha2_128s] = sphincsPlus_sha2_128s_robust;
+ paramsToOid[SphincsPlusParameters.sha2_192f] = sphincsPlus_sha2_192f_robust;
+ paramsToOid[SphincsPlusParameters.sha2_192s] = sphincsPlus_sha2_192s_robust;
+ paramsToOid[SphincsPlusParameters.sha2_256f] = sphincsPlus_sha2_256f_robust;
+ paramsToOid[SphincsPlusParameters.sha2_256s] = sphincsPlus_sha2_256s_robust;
+
+ paramsToOid[SphincsPlusParameters.sha2_128f_simple] = sphincsPlus_sha2_128f_simple;
+ paramsToOid[SphincsPlusParameters.sha2_128s_simple] = sphincsPlus_sha2_128s_simple;
+ paramsToOid[SphincsPlusParameters.sha2_192f_simple] = sphincsPlus_sha2_192f_simple;
+ paramsToOid[SphincsPlusParameters.sha2_192s_simple] = sphincsPlus_sha2_192s_simple;
+ paramsToOid[SphincsPlusParameters.sha2_256f_simple] = sphincsPlus_sha2_256f_simple;
+ paramsToOid[SphincsPlusParameters.sha2_256s_simple] = sphincsPlus_sha2_256s_simple;
+
+ paramsToOid[SphincsPlusParameters.shake_128f] = sphincsPlus_shake_128f_robust;
+ paramsToOid[SphincsPlusParameters.shake_128s] = sphincsPlus_shake_128s_robust;
+ paramsToOid[SphincsPlusParameters.shake_192f] = sphincsPlus_shake_192f_robust;
+ paramsToOid[SphincsPlusParameters.shake_192s] = sphincsPlus_shake_192s_robust;
+ paramsToOid[SphincsPlusParameters.shake_256f] = sphincsPlus_shake_256f_robust;
+ paramsToOid[SphincsPlusParameters.shake_256s] = sphincsPlus_shake_256s_robust;
+
+ paramsToOid[SphincsPlusParameters.shake_128f_simple] = sphincsPlus_shake_128f_simple;
+ paramsToOid[SphincsPlusParameters.shake_128s_simple] = sphincsPlus_shake_128s_simple;
+ paramsToOid[SphincsPlusParameters.shake_192f_simple] = sphincsPlus_shake_192f_simple;
+ paramsToOid[SphincsPlusParameters.shake_192s_simple] = sphincsPlus_shake_192s_simple;
+ paramsToOid[SphincsPlusParameters.shake_256f_simple] = sphincsPlus_shake_256f_simple;
+ paramsToOid[SphincsPlusParameters.shake_256s_simple] = sphincsPlus_shake_256s_simple;
+
+ paramsToOid[SphincsPlusParameters.haraka_128f_simple] = sphincsPlus_haraka_128f_simple;
+ paramsToOid[SphincsPlusParameters.haraka_192f_simple] = sphincsPlus_haraka_192f_simple;
+ paramsToOid[SphincsPlusParameters.haraka_256f_simple] = sphincsPlus_haraka_256f_simple;
+ paramsToOid[SphincsPlusParameters.haraka_128s_simple] = sphincsPlus_haraka_128s_simple;
+ paramsToOid[SphincsPlusParameters.haraka_192s_simple] = sphincsPlus_haraka_192s_simple;
+ paramsToOid[SphincsPlusParameters.haraka_256s_simple] = sphincsPlus_haraka_256s_simple;
+ paramsToOid[SphincsPlusParameters.haraka_128f] = sphincsPlus_haraka_128f_robust;
+ paramsToOid[SphincsPlusParameters.haraka_192f] = sphincsPlus_haraka_192f_robust;
+ paramsToOid[SphincsPlusParameters.haraka_256f] = sphincsPlus_haraka_256f_robust;
+ paramsToOid[SphincsPlusParameters.haraka_128s] = sphincsPlus_haraka_128s_robust;
+ paramsToOid[SphincsPlusParameters.haraka_192s] = sphincsPlus_haraka_192s_robust;
+ paramsToOid[SphincsPlusParameters.haraka_256s] = sphincsPlus_haraka_256s_robust;
}
- private string name;
- private ISPHINCSPlusEngineProvider engineProvider;
+ private readonly string m_name;
+ private readonly ISphincsPlusEngineProvider m_engineProvider;
- private SPHINCSPlusParameters(string name, ISPHINCSPlusEngineProvider engineProvider)
+ private SphincsPlusParameters(string name, ISphincsPlusEngineProvider engineProvider)
{
- this.name = name;
- this.engineProvider = engineProvider;
+ m_name = name;
+ m_engineProvider = engineProvider;
}
- public string Name => name;
+ public string Name => m_name;
- internal int N => engineProvider.N;
+ internal int N => m_engineProvider.N;
- internal SPHINCSPlusEngine GetEngine()
+ internal SphincsPlusEngine GetEngine()
{
- return engineProvider.Get();
+ return m_engineProvider.Get();
}
/**
@@ -268,7 +265,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
* @param id the oid of interest.
* @return the parameter set.
*/
- public static SPHINCSPlusParameters GetParams(uint id)
+ public static SphincsPlusParameters GetParams(uint id)
{
return oidToParams[id];
}
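Review bot: `GetParams` indexes `oidToParams[id]` directly, so an id that is not in the table (e.g. read from an untrusted encoded key) surfaces as a KeyNotFoundException with no indication that the 4-byte parameter id was the problem. A `TryGetValue` with a descriptive exception is clearer for callers that decode keys: `if (!oidToParams.TryGetValue(id, out var parameters)) throw new ArgumentException("unknown SPHINCS+ parameter set id", nameof(id));` followed by `return parameters;`. The doc comment above could also state that the argument is the 4-byte identifier written by `GetEncoded`, not an ASN.1 OID.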
@@ -279,7 +276,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
* @param params the parameters of interest.
* @return the OID for the parameter set.
*/
- public static uint GetID(SPHINCSPlusParameters parameters)
+ public static uint GetID(SphincsPlusParameters parameters)
{
return paramsToOid[parameters];
}
@@ -290,8 +287,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
}
- internal class Sha2EngineProvider
- : ISPHINCSPlusEngineProvider
+ internal sealed class Sha2EngineProvider
+ : ISphincsPlusEngineProvider
{
private readonly bool robust;
private readonly int n;
@@ -314,14 +311,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
public int N => this.n;
- public SPHINCSPlusEngine Get()
+ public SphincsPlusEngine Get()
{
- return new SPHINCSPlusEngine.Sha2Engine(robust, n, w, d, a, k, h);
+ return new SphincsPlusEngine.Sha2Engine(robust, n, w, d, a, k, h);
}
}
- internal class Shake256EngineProvider
- : ISPHINCSPlusEngineProvider
+ internal sealed class Shake256EngineProvider
+ : ISphincsPlusEngineProvider
{
private readonly bool robust;
private readonly int n;
@@ -344,14 +341,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
public int N => this.n;
- public SPHINCSPlusEngine Get()
+ public SphincsPlusEngine Get()
{
- return new SPHINCSPlusEngine.Shake256Engine(robust, n, w, d, a, k, h);
+ return new SphincsPlusEngine.Shake256Engine(robust, n, w, d, a, k, h);
}
}
- internal class Haraka256EngineProvider
- : ISPHINCSPlusEngineProvider
+ internal sealed class Haraka256EngineProvider
+ : ISphincsPlusEngineProvider
{
private readonly bool robust;
private readonly int n;
@@ -374,9 +371,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
public int N => this.n;
- public SPHINCSPlusEngine Get()
+ public SphincsPlusEngine Get()
{
- return new SPHINCSPlusEngine.HarakaSEngine(robust, n, w, d, a, k, h);
+ return new SphincsPlusEngine.HarakaSEngine(robust, n, w, d, a, k, h);
}
}
}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs
index 42c20f25d..ed5195da2 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPrivateKeyParameters.cs
@@ -1,17 +1,17 @@
-
using System;
+
using Org.BouncyCastle.Crypto.Utilities;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- public class SPHINCSPlusPrivateKeyParameters
- : SPHINCSPlusKeyParameters
+ public sealed class SphincsPlusPrivateKeyParameters
+ : SphincsPlusKeyParameters
{
- internal SK sk;
- internal PK pk;
+ internal readonly SK m_sk;
+ internal readonly PK m_pk;
- public SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters parameters, byte[] skpkEncoded)
+ public SphincsPlusPrivateKeyParameters(SphincsPlusParameters parameters, byte[] skpkEncoded)
: base(true, parameters)
{
int n = parameters.N;
@@ -20,47 +20,47 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
throw new ArgumentException("private key encoding does not match parameters");
}
- this.sk = new SK(Arrays.CopyOfRange(skpkEncoded, 0, n), Arrays.CopyOfRange(skpkEncoded, n, 2 * n));
- this.pk = new PK(Arrays.CopyOfRange(skpkEncoded, 2 * n, 3 * n),
- Arrays.CopyOfRange(skpkEncoded, 3 * n, 4 * n));
+ m_sk = new SK(Arrays.CopyOfRange(skpkEncoded, 0, n), Arrays.CopyOfRange(skpkEncoded, n, 2 * n));
+ m_pk = new PK(Arrays.CopyOfRange(skpkEncoded, 2 * n, 3 * n), Arrays.CopyOfRange(skpkEncoded, 3 * n, 4 * n));
}
- internal SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters parameters, SK sk, PK pk)
+ internal SphincsPlusPrivateKeyParameters(SphincsPlusParameters parameters, SK sk, PK pk)
: base(true, parameters)
{
- this.sk = sk;
- this.pk = pk;
+ m_sk = sk;
+ m_pk = pk;
}
public byte[] GetSeed()
{
- return Arrays.Clone(sk.seed);
+ return Arrays.Clone(m_sk.seed);
}
public byte[] GetPrf()
{
- return Arrays.Clone(sk.prf);
+ return Arrays.Clone(m_sk.prf);
}
public byte[] GetPublicSeed()
{
- return Arrays.Clone(pk.seed);
+ return Arrays.Clone(m_pk.seed);
}
public byte[] GetPublicKey()
{
- return Arrays.Concatenate(pk.seed, pk.root);
+ return Arrays.Concatenate(m_pk.seed, m_pk.root);
}
public byte[] GetEncoded()
{
- return Arrays.Concatenate(Pack.UInt32_To_BE(SPHINCSPlusParameters.GetID(GetParameters())),
- Arrays.ConcatenateAll(sk.seed, sk.prf, pk.seed, pk.root));
+ var id = Pack.UInt32_To_BE(SphincsPlusParameters.GetID(Parameters));
+ return Arrays.ConcatenateAll(id, m_sk.seed, m_sk.prf, m_pk.seed, m_pk.root);
}
public byte[] GetEncodedPublicKey()
{
- return Arrays.ConcatenateAll(Pack.UInt32_To_BE(SPHINCSPlusParameters.GetID(GetParameters())), pk.seed, pk.root);
+ var id = Pack.UInt32_To_BE(SphincsPlusParameters.GetID(Parameters));
+ return Arrays.ConcatenateAll(id, m_pk.seed, m_pk.root);
}
}
-}
\ No newline at end of file
+}
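Review bot: The `ArgumentException` thrown at the top of this hunk for a bad private key encoding was left without a parameter name, while the sibling public key constructor in this same commit now passes `nameof(pkEncoded)`; for consistency it should be `throw new ArgumentException("private key encoding does not match parameters", nameof(skpkEncoded));`. Separately, `GetEncoded` now emits a 4-byte parameter id before `seed || prf || pkseed || root`, but the public constructor reads `seed` from offset 0 of `skpkEncoded` and (judging by the length check whose condition sits just above the hunk) expects no such prefix, so the output of `GetEncoded` cannot be fed back into that constructor. A one-line doc comment on `GetEncoded` saying that the result carries the `SphincsPlusParameters.GetID` prefix and is not the constructor's input format would prevent that mistake. The constructor's opening lines are outside this hunk.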
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs
index 429234ee7..96e9324cc 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusPublicKeyParameters.cs
@@ -1,45 +1,45 @@
using System;
+
using Org.BouncyCastle.Crypto.Utilities;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- public class SPHINCSPlusPublicKeyParameters
- : SPHINCSPlusKeyParameters
+ public sealed class SphincsPlusPublicKeyParameters
+ : SphincsPlusKeyParameters
{
- private PK pk;
+ private readonly PK m_pk;
- public SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters parameters, byte[] pkEncoded)
+ public SphincsPlusPublicKeyParameters(SphincsPlusParameters parameters, byte[] pkEncoded)
: base(false, parameters)
{
int n = parameters.N;
if (pkEncoded.Length != 2 * n)
- {
- throw new ArgumentException("public key encoding does not match parameters");
- }
+ throw new ArgumentException("public key encoding does not match parameters", nameof(pkEncoded));
- this.pk = new PK(Arrays.CopyOfRange(pkEncoded, 0, n), Arrays.CopyOfRange(pkEncoded, n, 2 * n));
+ m_pk = new PK(Arrays.CopyOfRange(pkEncoded, 0, n), Arrays.CopyOfRange(pkEncoded, n, 2 * n));
}
- internal SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters parameters, PK pk)
+ internal SphincsPlusPublicKeyParameters(SphincsPlusParameters parameters, PK pk)
: base(false, parameters)
{
- this.pk = pk;
+ m_pk = pk;
}
public byte[] GetSeed()
{
- return Arrays.Clone(pk.seed);
+ return Arrays.Clone(m_pk.seed);
}
public byte[] GetRoot()
{
- return Arrays.Clone(pk.root);
+ return Arrays.Clone(m_pk.root);
}
public byte[] GetEncoded()
{
- return Arrays.ConcatenateAll(Pack.UInt32_To_BE(SPHINCSPlusParameters.GetID(GetParameters())), pk.seed, pk.root);
+ var id = Pack.UInt32_To_BE(SphincsPlusParameters.GetID(Parameters));
+ return Arrays.ConcatenateAll(id, m_pk.seed, m_pk.root);
}
}
-}
\ No newline at end of file
+}
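Review bot: The public constructor reads `pkEncoded.Length` before any null check, so a null encoding surfaces as a NullReferenceException instead of the ArgumentException family this constructor already throws; add `if (pkEncoded == null) throw new ArgumentNullException(nameof(pkEncoded));` ahead of the length test. The internal PK-taking constructor stores the object it is handed without copying, which is fine for an internal path but means the key generator must not reuse that PK instance afterwards — worth a one-line comment on the constructor.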
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
index c6664f889..5c576eb15 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusSigner.cs
@@ -7,7 +7,6 @@ using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
-
/**
* SPHINCS+ signer.
* <p>
@@ -18,18 +17,18 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
* for further details.
* </p>
*/
- public class SPHINCSPlusSigner
+ public sealed class SphincsPlusSigner
: IMessageSigner
{
- private SPHINCSPlusPrivateKeyParameters privKey;
- private SPHINCSPlusPublicKeyParameters pubKey;
+ private SphincsPlusPrivateKeyParameters m_privKey;
+ private SphincsPlusPublicKeyParameters m_pubKey;
- private SecureRandom random;
+ private SecureRandom m_random;
/**
* Base constructor.
*/
- public SPHINCSPlusSigner()
+ public SphincsPlusSigner()
{
}
@@ -37,19 +36,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
if (forSigning)
{
- if (param is ParametersWithRandom)
+ if (param is ParametersWithRandom parametersWithRandom)
{
- privKey = ((SPHINCSPlusPrivateKeyParameters)((ParametersWithRandom)param).Parameters);
- this.random = ((ParametersWithRandom)param).Random;
+ m_privKey = (SphincsPlusPrivateKeyParameters)parametersWithRandom.Parameters;
+ m_random = parametersWithRandom.Random;
}
else
{
- privKey = (SPHINCSPlusPrivateKeyParameters)param;
+ m_privKey = (SphincsPlusPrivateKeyParameters)param;
}
}
else
{
- pubKey = (SPHINCSPlusPublicKeyParameters)param;
+ m_pubKey = (SphincsPlusPublicKeyParameters)param;
}
}
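Review bot: In the else branch of the forSigning block `m_random` is left untouched, so a signer re-initialised with a bare private key after an earlier `ParametersWithRandom` init keeps the previous SecureRandom and signs randomized when the caller asked for deterministic signing; add `m_random = null;` beside `m_privKey = (SphincsPlusPrivateKeyParameters)param;`. Clearing `m_pubKey` on the signing branch and `m_privKey`/`m_random` on the verifying branch would likewise keep one Init from carrying state into the next. Init's signature is above this hunk.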
@@ -59,45 +58,45 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
// # Output: SPHINCS+ signature SIG
// init
- SPHINCSPlusEngine engine = privKey.GetParameters().GetEngine();
- engine.Init(privKey.GetPublicSeed());
+ SphincsPlusEngine engine = m_privKey.Parameters.GetEngine();
+ engine.Init(m_privKey.GetPublicSeed());
// generate randomizer
byte[] optRand = new byte[engine.N];
- if (random != null)
+ if (m_random != null)
{
- random.NextBytes(optRand);
+ m_random.NextBytes(optRand);
}
else
{
- Array.Copy(privKey.pk.seed, 0, optRand, 0, optRand.Length);
+ Array.Copy(m_privKey.m_pk.seed, 0, optRand, 0, optRand.Length);
}
Fors fors = new Fors(engine);
- byte[] R = engine.PRF_msg(privKey.sk.prf, optRand, message);
+ byte[] R = engine.PRF_msg(m_privKey.m_sk.prf, optRand, message);
// compute message digest and index
- IndexedDigest idxDigest = engine.H_msg(R, privKey.pk.seed, privKey.pk.root, message);
+ IndexedDigest idxDigest = engine.H_msg(R, m_privKey.m_pk.seed, m_privKey.m_pk.root, message);
byte[] mHash = idxDigest.digest;
ulong idx_tree = idxDigest.idx_tree;
uint idx_leaf = idxDigest.idx_leaf;
// FORS sign
Adrs adrs = new Adrs();
- adrs.SetType(Adrs.FORS_TREE);
+ adrs.SetAdrsType(Adrs.FORS_TREE);
adrs.SetTreeAddress(idx_tree);
adrs.SetKeyPairAddress(idx_leaf);
- SIG_FORS[] sig_fors = fors.Sign(mHash, privKey.sk.seed, privKey.pk.seed, adrs);
+ SIG_FORS[] sig_fors = fors.Sign(mHash, m_privKey.m_sk.seed, m_privKey.m_pk.seed, adrs);
// get FORS public key - spec shows M?
adrs = new Adrs();
- adrs.SetType(Adrs.FORS_TREE);
+ adrs.SetAdrsType(Adrs.FORS_TREE);
adrs.SetTreeAddress(idx_tree);
adrs.SetKeyPairAddress(idx_leaf);
- byte[] PK_FORS = fors.PKFromSig(sig_fors, mHash, privKey.pk.seed, adrs);
+ byte[] PK_FORS = fors.PKFromSig(sig_fors, mHash, m_privKey.m_pk.seed, adrs);
// sign FORS public key with HT
Adrs treeAdrs = new Adrs();
- treeAdrs.SetType(Adrs.TREE);
+ treeAdrs.SetAdrsType(Adrs.TREE);
- HT ht = new HT(engine, privKey.GetSeed(), privKey.GetPublicSeed());
+ HT ht = new HT(engine, m_privKey.GetSeed(), m_privKey.GetPublicSeed());
byte[] SIG_HT = ht.Sign(PK_FORS, idx_tree, idx_leaf);
byte[][] sigComponents = new byte[sig_fors.Length + 2][];
sigComponents[0] = R;
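Review bot: `m_privKey` is dereferenced on the first line of this hunk with no check that Init(true, …) was ever called, so a signer used before initialisation, or after an Init(false, …), fails with a NullReferenceException inside the engine instead of a clear error; add `if (m_privKey == null) throw new InvalidOperationException("signer not initialised for signing");` at the top of GenerateSignature, and the matching `m_pubKey` guard at the start of the verify hunk that begins at `//# Output: bool`. GenerateSignature's signature and the tail of its body lie outside this hunk. The comment `// get FORS public key - spec shows M?` survives the rewrite as an open question rather than documentation; either answer it or reduce it to `// recompute the FORS public key from the signature`.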
@@ -118,8 +117,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
//# Output: bool
// init
- SPHINCSPlusEngine engine = pubKey.GetParameters().GetEngine();
- engine.Init(pubKey.GetSeed());
+ SphincsPlusEngine engine = m_pubKey.Parameters.GetEngine();
+ engine.Init(m_pubKey.GetSeed());
Adrs adrs = new Adrs();
SIG sig = new SIG(engine.N, engine.K, engine.A, engine.D, engine.H_PRIME, engine.WOTS_LEN, signature);
@@ -129,24 +128,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
SIG_XMSS[] SIG_HT = sig.SIG_HT;
// compute message digest and index
- IndexedDigest idxDigest = engine.H_msg(R, pubKey.GetSeed(), pubKey.GetRoot(), message);
+ IndexedDigest idxDigest = engine.H_msg(R, m_pubKey.GetSeed(), m_pubKey.GetRoot(), message);
byte[] mHash = idxDigest.digest;
ulong idx_tree = idxDigest.idx_tree;
uint idx_leaf = idxDigest.idx_leaf;
// compute FORS public key
- adrs.SetType(Adrs.FORS_TREE);
+ adrs.SetAdrsType(Adrs.FORS_TREE);
adrs.SetLayerAddress(0);
adrs.SetTreeAddress(idx_tree);
adrs.SetKeyPairAddress(idx_leaf);
- byte[] PK_FORS = new Fors(engine).PKFromSig(sig_fors, mHash, pubKey.GetSeed(), adrs);
+ byte[] PK_FORS = new Fors(engine).PKFromSig(sig_fors, mHash, m_pubKey.GetSeed(), adrs);
// verify HT signature
- adrs.SetType(Adrs.TREE);
+ adrs.SetAdrsType(Adrs.TREE);
adrs.SetLayerAddress(0);
adrs.SetTreeAddress(idx_tree);
adrs.SetKeyPairAddress(idx_leaf);
- HT ht = new HT(engine, null, pubKey.GetSeed());
- return ht.Verify(PK_FORS, SIG_HT, pubKey.GetSeed(), idx_tree, idx_leaf, pubKey.GetRoot());
+ HT ht = new HT(engine, null, m_pubKey.GetSeed());
+ return ht.Verify(PK_FORS, SIG_HT, m_pubKey.GetSeed(), idx_tree, idx_leaf, m_pubKey.GetRoot());
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs b/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs
index c87cb67f4..b254530d9 100644
--- a/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/WotsPlus.cs
@@ -1,16 +1,16 @@
-
using System;
+
using Org.BouncyCastle.Crypto.Utilities;
using Org.BouncyCastle.Utilities;
namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
- class WotsPlus
+ internal class WotsPlus
{
- private SPHINCSPlusEngine engine;
+ private SphincsPlusEngine engine;
private uint w;
- internal WotsPlus(SPHINCSPlusEngine engine)
+ internal WotsPlus(SphincsPlusEngine engine)
{
this.engine = engine;
this.w = this.engine.WOTS_W;
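Review bot: `engine` and `w` are assigned only in the constructor yet stay mutable, while the same commit switches the key classes to `private readonly PK m_pk`; for consistency declare `private readonly SphincsPlusEngine engine;` and `private readonly uint w;` here. The class is also left unsealed although the commit seals the public-key and signer types.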
@@ -21,16 +21,18 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
Adrs wotspkAdrs = new Adrs(paramAdrs); // copy address to create OTS public key address
byte[][] tmp = new byte[engine.WOTS_LEN][];
+ byte[] sk = new byte[engine.N];
for (uint i = 0; i < engine.WOTS_LEN; i++)
{
Adrs adrs = new Adrs(paramAdrs);
- adrs.SetType(Adrs.WOTS_PRF);
+ adrs.SetAdrsType(Adrs.WOTS_PRF);
adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress());
adrs.SetChainAddress(i);
adrs.SetHashAddress(0);
-
- byte[] sk = engine.PRF(pkSeed, skSeed, adrs);
- adrs.SetType(Adrs.WOTS_HASH);
+
+ engine.PRF(pkSeed, skSeed, adrs, sk, 0);
+
+ adrs.SetAdrsType(Adrs.WOTS_HASH);
adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress());
adrs.SetChainAddress(i);
adrs.SetHashAddress(0);
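Review bot: The hoisted `sk` buffer now receives WOTS+ secret-key material derived from skSeed on every iteration and is never cleared, so it stays on the heap after PKGen returns; add `Array.Clear(sk, 0, sk.Length);` after the loop (which closes outside this hunk), and do the same for the `sk` buffer introduced in Sign in the hunk starting at `// convert csum to base w`. Reusing one buffer across iterations also assumes engine.F returns a fresh array rather than writing into its input, otherwise every `tmp[i]` would alias the same bytes — worth confirming against the engine. The enclosing PKGen method starts above this hunk.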
@@ -38,45 +40,44 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
tmp[i] = Chain(sk, 0, w - 1, pkSeed, adrs);
}
- wotspkAdrs.SetType(Adrs.WOTS_PK);
+ wotspkAdrs.SetAdrsType(Adrs.WOTS_PK);
wotspkAdrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress());
return engine.T_l(pkSeed, wotspkAdrs, Arrays.ConcatenateAll(tmp));
}
- // #Input: Input string X, start index i, number of steps s, public seed PK.seed,
- // address Adrs
- // #Output: value of F iterated s times on X
- byte[] Chain(byte[] X, uint i, uint s, byte[] pkSeed, Adrs adrs)
+ // #Input: Input string X, start index i, number of steps s, public seed PK.seed, address Adrs
+ // #Output: value of F iterated s times on X
+ internal byte[] Chain(byte[] X, uint i, uint s, byte[] pkSeed, Adrs adrs)
{
if (s == 0)
- {
return Arrays.Clone(X);
- }
if ((i + s) > (this.w - 1))
- {
return null;
- }
- byte[] tmp = Chain(X, i, s - 1, pkSeed, adrs);
- adrs.SetHashAddress(i + s - 1);
- tmp = engine.F(pkSeed, adrs, tmp);
-
- return tmp;
+ byte[] result = X;
+ for (uint j = 0; j < s; ++j)
+ {
+ adrs.SetHashAddress(i + j);
+ result = engine.F(pkSeed, adrs, result);
+ }
+ return result;
}
- //
// #Input: Message M, secret seed SK.seed, public seed PK.seed, address Adrs
// #Output: WOTS+ signature sig
- public byte[] Sign(byte[] M, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs)
+ internal byte[] Sign(byte[] M, byte[] skSeed, byte[] pkSeed, Adrs paramAdrs)
{
Adrs adrs = new Adrs(paramAdrs);
- uint csum = 0;
+ uint[] msg = new uint[engine.WOTS_LEN];
+
// convert message to base w
- uint[] msg = BaseW(M, w, engine.WOTS_LEN1);
+ BaseW(M, 0, w, msg, 0, engine.WOTS_LEN1);
+
// compute checksum
+ uint csum = 0;
for (int i = 0; i < engine.WOTS_LEN1; i++)
{
csum += w - 1 - msg[i];
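Review bot: `Chain` still returns `null` when `i + s` exceeds `w - 1`, and neither caller in this file checks for it — `tmp[i] = Chain(sk, 0, w - 1, pkSeed, adrs)` above and the `Chain(sigI, msg[i], w - 1 - msg[i], …)` call in PKFromSig both feed the result straight into `Arrays.ConcatenateAll`, which would then fail with an unhelpful NullReferenceException; replace it with `throw new ArgumentOutOfRangeException(nameof(s), "i + s must not exceed w - 1");`. The iterative rewrite itself looks equivalent to the old recursion, visiting hash addresses i through i + s - 1 in the same order. The Sign method this hunk opens continues past its last line.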
@@ -85,22 +86,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
// convert csum to base w
if ((engine.WOTS_LOGW % 8) != 0)
{
- csum = csum << (8 - ((engine.WOTS_LEN2 * engine.WOTS_LOGW) % 8));
+ csum <<= 8 - (engine.WOTS_LEN2 * engine.WOTS_LOGW % 8);
}
-
int len_2_bytes = (engine.WOTS_LEN2 * engine.WOTS_LOGW + 7) / 8;
- byte[] bytes = Pack.UInt32_To_BE(csum);
- msg = Arrays.Concatenate(msg,
- BaseW(Arrays.CopyOfRange(bytes, 4 -len_2_bytes, bytes.Length), w, engine.WOTS_LEN2));
+ byte[] csum_bytes = Pack.UInt32_To_BE(csum);
+ BaseW(csum_bytes, 4 - len_2_bytes, w, msg, engine.WOTS_LEN1, engine.WOTS_LEN2);
+
byte[][] sig = new byte[engine.WOTS_LEN][];
+ byte[] sk = new byte[engine.N];
for (uint i = 0; i < engine.WOTS_LEN; i++)
{
- adrs.SetType(Adrs.WOTS_PRF);
+ adrs.SetAdrsType(Adrs.WOTS_PRF);
adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress());
adrs.SetChainAddress(i);
adrs.SetHashAddress(0);
- byte[] sk = engine.PRF(pkSeed, skSeed, adrs);
- adrs.SetType(Adrs.WOTS_HASH);
+
+ engine.PRF(pkSeed, skSeed, adrs, sk, 0);
+
+ adrs.SetAdrsType(Adrs.WOTS_HASH);
adrs.SetKeyPairAddress(paramAdrs.GetKeyPairAddress());
adrs.SetChainAddress(i);
adrs.SetHashAddress(0);
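Review bot: The checksum shift in Sign is guarded by `if ((engine.WOTS_LOGW % 8) != 0)` while the matching line in PKFromSig (hunk starting at `// Input: len_X-byte string X`) shifts unconditionally, so for a parameter set whose WOTS_LOGW is a multiple of 8 the signer would not shift and the verifier would shift by a full byte, and verification would fail. The reference pseudocode reduces the shift amount modulo 8, which makes both sites agree without the guard: `csum <<= (8 - (engine.WOTS_LEN2 * engine.WOTS_LOGW % 8)) % 8;`. For the w = 16 parameter sets, presumably the only ones in use, the forms coincide, so this is latent rather than observable today. Sign's body continues outside the hunk.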
@@ -113,50 +116,46 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
//
// Input: len_X-byte string X, int w, output length out_len
- // Output: out_len int array basew
- uint[] BaseW(byte[] X, uint w, int out_len)
+ // Output: outLen int array basew
+ internal void BaseW(byte[] X, int XOff, uint w, uint[] output, int outOff, int outLen)
{
- int input = 0;
- int outputIndex = 0;
int total = 0;
int bits = 0;
- uint[] output = new uint[out_len];
- for (int consumed = 0; consumed < out_len; consumed++)
+ for (int consumed = 0; consumed < outLen; consumed++)
{
if (bits == 0)
{
- total = X[input];
- input++;
+ total = X[XOff++];
bits += 8;
}
bits -= engine.WOTS_LOGW;
- output[outputIndex] = (uint) ((total >> bits) & (w - 1));
- outputIndex++;
+ output[outOff++] = (uint)((total >> bits) & (w - 1));
}
-
- return output;
}
- public byte[] PKFromSig(byte[] sig, byte[] M, byte[] pkSeed, Adrs adrs)
+ internal byte[] PKFromSig(byte[] sig, byte[] M, byte[] pkSeed, Adrs adrs)
{
- uint csum = 0;
Adrs wotspkAdrs = new Adrs(adrs);
+
+ uint[] msg = new uint[engine.WOTS_LEN];
+
// convert message to base w
- uint[] msg = BaseW(M, w, engine.WOTS_LEN1);
+ BaseW(M, 0, w, msg, 0, engine.WOTS_LEN1);
+
// compute checksum
+ uint csum = 0;
for (int i = 0; i < engine.WOTS_LEN1; i++)
{
- csum += (uint) (w - 1 - msg[i]);
+ csum += w - 1 - msg[i];
}
// convert csum to base w
- csum = csum << (8 - ((engine.WOTS_LEN2 * engine.WOTS_LOGW) % 8));
+ csum <<= 8 - (engine.WOTS_LEN2 * engine.WOTS_LOGW % 8);
int len_2_bytes = (engine.WOTS_LEN2 * engine.WOTS_LOGW + 7) / 8;
-
- msg = Arrays.Concatenate(msg,
- BaseW(Arrays.CopyOfRange(Pack.UInt32_To_BE(csum), 4 - len_2_bytes, 4), w, engine.WOTS_LEN2));
+ byte[] csum_bytes = Pack.UInt32_To_BE(csum);
+ BaseW(csum_bytes, 4 - len_2_bytes, w, msg, engine.WOTS_LEN1, engine.WOTS_LEN2);
byte[] sigI = new byte[engine.N];
byte[][] tmp = new byte[engine.WOTS_LEN][];
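Review bot: The comment above `BaseW` still describes the old signature — it names `len_X-byte string X, int w, output length out_len` and promises an `outLen int array` as output, but the method is now void and takes `XOff`, `output` and `outOff`; update it to `// Input: byte string X read from XOff, int w, destination array output written from outOff, digit count outLen` and `// Output: none; outLen base-w digits are stored in output[outOff .. outOff + outLen)`. A sentence noting that `X[XOff++]` relies on the array's own bounds check, so a too-short input fails with IndexOutOfRangeException, would also help the next reader. `XOff` is the only PascalCase parameter in the list; `xOff` matches `outOff`. PKFromSig continues past the end of this hunk.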
@@ -165,12 +164,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
adrs.SetChainAddress(i);
Array.Copy(sig, i * engine.N, sigI, 0, engine.N);
tmp[i] = Chain(sigI, msg[i], w - 1 - msg[i], pkSeed, adrs);
- } // f6be78d057cc8056907ad2bf83cc8be7
+ }
- wotspkAdrs.SetType(Adrs.WOTS_PK);
+ wotspkAdrs.SetAdrsType(Adrs.WOTS_PK);
wotspkAdrs.SetKeyPairAddress(adrs.GetKeyPairAddress());
return engine.T_l(pkSeed, wotspkAdrs, Arrays.ConcatenateAll(tmp));
}
}
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/utils/PqcUtilities.cs b/crypto/src/pqc/crypto/utils/PqcUtilities.cs
index 2820b3cfd..26ced321a 100644
--- a/crypto/src/pqc/crypto/utils/PqcUtilities.cs
+++ b/crypto/src/pqc/crypto/utils/PqcUtilities.cs
@@ -207,9 +207,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
return dilithiumOids[parameters];
}
- internal static DerObjectIdentifier SphincsPlusOidLookup(SPHINCSPlusParameters parameters)
+ internal static DerObjectIdentifier SphincsPlusOidLookup(SphincsPlusParameters parameters)
{
- uint pId = SPHINCSPlusParameters.GetID(parameters);
+ uint pId = SphincsPlusParameters.GetID(parameters);
if ((pId & 0x020000) == 0x020000)
{
diff --git a/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs b/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs
index db424faac..63ae37e48 100644
--- a/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs
+++ b/crypto/src/pqc/crypto/utils/PrivateKeyFactory.cs
@@ -83,9 +83,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
if (algOID.On(BCObjectIdentifiers.sphincsPlus))
{
byte[] keyEnc = Asn1OctetString.GetInstance(keyInfo.ParsePrivateKey()).GetOctets();
- SPHINCSPlusParameters spParams = SPHINCSPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue);
+ SphincsPlusParameters spParams = SphincsPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue);
- return new SPHINCSPlusPrivateKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length));
+ return new SphincsPlusPrivateKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length));
}
if (algOID.On(BCObjectIdentifiers.pqc_kem_saber))
{
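Review bot: `(uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue` round-trips the parameter id through a BigInteger only to cast it back, yielding exactly `Pack.BE_To_UInt32(keyEnc, 0)` while reading as if a conversion were happening; simplify to `SphincsPlusParameters spParams = SphincsPlusParameters.GetParams(Pack.BE_To_UInt32(keyEnc, 0));`. The same expression is carried over in the SphincsPlusConverter hunk of PublicKeyFactory.cs. Because `keyEnc` comes straight from the ASN.1 octet string, an encoding shorter than four bytes reaches `Pack.BE_To_UInt32` unchecked and fails with an IndexOutOfRangeException rather than a decoding error; a `keyEnc.Length < 4` guard in front would report it cleanly. The enclosing CreateKey method lies outside this hunk.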
diff --git a/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs b/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs
index 2768ad6f1..010d9f0e3 100644
--- a/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs
+++ b/crypto/src/pqc/crypto/utils/PrivateKeyInfoFactory.cs
@@ -61,14 +61,15 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgHssLmsHashsig);
return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes, pubEncoding);
}
- if (privateKey is SPHINCSPlusPrivateKeyParameters)
+ if (privateKey is SphincsPlusPrivateKeyParameters)
{
- SPHINCSPlusPrivateKeyParameters parameters = (SPHINCSPlusPrivateKeyParameters)privateKey;
+ SphincsPlusPrivateKeyParameters parameters = (SphincsPlusPrivateKeyParameters)privateKey;
byte[] encoding = parameters.GetEncoded();
byte[] pubEncoding = parameters.GetEncodedPublicKey();
- AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PqcUtilities.SphincsPlusOidLookup(parameters.GetParameters()));
+ AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(
+ PqcUtilities.SphincsPlusOidLookup(parameters.Parameters));
return new PrivateKeyInfo(algorithmIdentifier, new DerOctetString(encoding), attributes, pubEncoding);
}
if (privateKey is CmcePrivateKeyParameters)
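Review bot: The type test is still an `is` check followed by an explicit cast on the next line, whereas the same commit switches Init in SphincsPlusSigner to a declaration pattern; for consistency write `if (privateKey is SphincsPlusPrivateKeyParameters sphincsPlusKey)` and drop the cast line. A pattern variable declared in an `if` condition is scoped to the enclosing block, so pick a name the sibling branches do not reuse for their own locals. The public-key branch in SubjectPublicKeyInfoFactory.cs (hunk at `if (publicKey.IsPrivate)`) has the same shape. CreatePrivateKeyInfo's signature is above this hunk.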
diff --git a/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs b/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs
index e2279c15c..a5aaca92c 100644
--- a/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs
+++ b/crypto/src/pqc/crypto/utils/PublicKeyFactory.cs
@@ -28,10 +28,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
static PublicKeyFactory()
{
- converters[BCObjectIdentifiers.sphincsPlus] = new SPHINCSPlusConverter();
- converters[BCObjectIdentifiers.sphincsPlus_shake_256] = new SPHINCSPlusConverter();
- converters[BCObjectIdentifiers.sphincsPlus_sha_256] = new SPHINCSPlusConverter();
- converters[BCObjectIdentifiers.sphincsPlus_sha_512] = new SPHINCSPlusConverter();
+ converters[BCObjectIdentifiers.sphincsPlus] = new SphincsPlusConverter();
+ converters[BCObjectIdentifiers.sphincsPlus_shake_256] = new SphincsPlusConverter();
+ converters[BCObjectIdentifiers.sphincsPlus_sha_256] = new SphincsPlusConverter();
+ converters[BCObjectIdentifiers.sphincsPlus_sha_512] = new SphincsPlusConverter();
converters[BCObjectIdentifiers.mceliece348864_r3] = new CmceConverter();
converters[BCObjectIdentifiers.mceliece348864f_r3] = new CmceConverter();
@@ -127,7 +127,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
/// <param name="defaultParams"> default parameters that might be needed.</param>
/// <returns> the appropriate key parameter</returns>
/// <exception cref="IOException"> on an error decoding the key</exception>
- public static AsymmetricKeyParameter CreateKey(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ public static AsymmetricKeyParameter CreateKey(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
AlgorithmIdentifier algId = keyInfo.AlgorithmID;
SubjectPublicKeyInfoConverter converter = (SubjectPublicKeyInfoConverter)converters[algId.Algorithm];
@@ -143,26 +143,26 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
}
private abstract class SubjectPublicKeyInfoConverter
{
- internal abstract AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams);
+ internal abstract AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams);
}
- private class SPHINCSPlusConverter
+ private class SphincsPlusConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets();
- SPHINCSPlusParameters spParams = SPHINCSPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue);
+ SphincsPlusParameters spParams = SphincsPlusParameters.GetParams((uint)BigInteger.ValueOf(Pack.BE_To_UInt32(keyEnc, 0)).IntValue);
- return new SPHINCSPlusPublicKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length));
+ return new SphincsPlusPublicKeyParameters(spParams, Arrays.CopyOfRange(keyEnc, 4, keyEnc.Length));
}
}
private class CmceConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
byte[] keyEnc = CmcePublicKey.GetInstance(keyInfo.ParsePublicKey()).T;
@@ -175,7 +175,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
private class SaberConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
byte[] keyEnc = DerOctetString.GetInstance(
DerSequence.GetInstance(keyInfo.ParsePublicKey())[0]).GetOctets();
@@ -189,7 +189,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
private class PicnicConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets();
@@ -201,7 +201,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
private class SikeConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
byte[] keyEnc = DerOctetString.GetInstance(keyInfo.ParsePublicKey()).GetOctets();
@@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
private class DilithiumConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
DilithiumParameters dilithiumParams = PqcUtilities.DilithiumParamsLookup(keyInfo.AlgorithmID.Algorithm);
@@ -238,7 +238,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
private class KyberConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
KyberParameters kyberParameters = PqcUtilities.KyberParamsLookup(keyInfo.AlgorithmID.Algorithm);
@@ -259,11 +259,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
}
}
}
-
+
private class FalconConverter
: SubjectPublicKeyInfoConverter
{
- internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
+ internal override AsymmetricKeyParameter GetPublicKeyParameters(SubjectPublicKeyInfo keyInfo, object defaultParams)
{
FalconParameters falconParams = PqcUtilities.FalconParamsLookup(keyInfo.AlgorithmID.Algorithm);
diff --git a/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs b/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs
index eea6b8717..8aa09af06 100644
--- a/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs
+++ b/crypto/src/pqc/crypto/utils/SubjectPublicKeyInfoFactory.cs
@@ -41,13 +41,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.Utilities
if (publicKey.IsPrivate)
throw new ArgumentException("Private key passed - public key expected.", "publicKey");
- if (publicKey is SPHINCSPlusPublicKeyParameters)
+ if (publicKey is SphincsPlusPublicKeyParameters)
{
- SPHINCSPlusPublicKeyParameters parameters = (SPHINCSPlusPublicKeyParameters)publicKey;
+ SphincsPlusPublicKeyParameters parameters = (SphincsPlusPublicKeyParameters)publicKey;
byte[] encoding = parameters.GetEncoded();
- AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PqcUtilities.SphincsPlusOidLookup(parameters.GetParameters()));
+ AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(
+ PqcUtilities.SphincsPlusOidLookup(parameters.Parameters));
return new SubjectPublicKeyInfo(algorithmIdentifier, new DerOctetString(encoding));
}
if (publicKey is CmcePublicKeyParameters)
diff --git a/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs b/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs
index d5f909c69..39c81a700 100644
--- a/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs
+++ b/crypto/test/src/pqc/crypto/test/SphincsPlusTest.cs
@@ -104,43 +104,43 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
[Test]
public void TestBasicKeyGeneration()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4792F267AAFA3F87CA60D01CB54F29202A3E784CCB7EBCDCFD45542B7F6AF778742E0F4479175084AA488B3B74340678AAD111491E7E52F6F1D726DAF2A4E75CAFB60D034B6E912B26BE68464B0095D60D")) };
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_256f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_256f));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded()));
SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubParams);
PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privParams);
- pubParams = (SPHINCSPlusPublicKeyParameters)PublicKeyFactory.CreateKey(pubInfo.GetEncoded());
- privParams = (SPHINCSPlusPrivateKeyParameters)PrivateKeyFactory.CreateKey(privInfo.GetEncoded());
+ pubParams = (SphincsPlusPublicKeyParameters)PublicKeyFactory.CreateKey(pubInfo.GetEncoded());
+ privParams = (SphincsPlusPrivateKeyParameters)PrivateKeyFactory.CreateKey(privInfo.GetEncoded());
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4792f267aafa3f87ca60d01cb54f29202a3e784ccb7ebcdcfd45542b7f6af778742e0f4479175084aa488b3b74340678aa6ba9430051e61cb676e8449087b938a79575b3a16736ce68a3655a28001155f5")), privParams.GetEncoded()));
}
[Test]
public void TestBasicKeyImportSimpleSign()
{
- SPHINCSPlusPublicKeyParameters pubParams = new SPHINCSPlusPublicKeyParameters(SPHINCSPlusParameters.sha2_128f, Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8"));
- SPHINCSPlusPrivateKeyParameters privParams = new SPHINCSPlusPrivateKeyParameters(SPHINCSPlusParameters.sha2_128f, Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8"));
+ SphincsPlusPublicKeyParameters pubParams = new SphincsPlusPublicKeyParameters(SphincsPlusParameters.sha2_128f, Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8"));
+ SphincsPlusPrivateKeyParameters privParams = new SphincsPlusPrivateKeyParameters(SphincsPlusParameters.sha2_128f, Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8"));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e473985e5a31e5b9a0457916c84320c2ea8")), privParams.GetEncoded()));
byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
FixedSecureRandom.Source[] source1 =
{new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6"))};
@@ -162,22 +162,22 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
[Test]
public void TestBasicSignature()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source (Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4711E95F8A383854BA16A5DD3E25FF71D3"
+ "061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1"))};
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.sha2_128f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.sha2_128f));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
FixedSecureRandom.Source[] source1 =
{new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6"))};
@@ -199,23 +199,23 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
[Test]
public void TestDeterministicSignature()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4711E95F8A383854BA16A5DD3E25FF71D3"
+ "061550234D158C5EC95595FE04EF7A25767F2E24CC2BC479D09D86DC9ABCFDE7056A8C266F9EF97ED08541DBD2E1FFA1"))};
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.sha2_128f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.sha2_128f));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
signer.Init(true, privParams);
@@ -234,7 +234,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
[Test]
public void TestBasicKeyGenerationShake256128fSimple()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source(Hex.Decode(
@@ -242,21 +242,21 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f_simple));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f_simple));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e47afbc007ba1e2b4a138f03aa9a6195ac8")), privParams.GetEncoded()));
}
[Test]
public void TestBasicKeyGenerationShake256128fSimpleSign()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = {new FixedSecureRandom.Source(Hex.Decode(
"7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E4766BA69D8560A9F84846AD8B765390C84"))};
@@ -264,16 +264,16 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f_simple));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f_simple));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
FixedSecureRandom.Source[] source1 = { new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6")) };
@@ -295,42 +295,42 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
[Test]
public void TestBasicKeyGenerationShake256128fRobust()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E47354D75735F16E03DEC94D1F5B00C213D")) };
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), pubParams.GetEncoded()));
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), privParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), Hex.Decode("b505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), pubParams.GetEncoded()));
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), Hex.Decode("7c9935a0b07694aa0c6d10e4db6b1add2fd81a25ccb148032dcd739936737f2db505d7cfad1b497499323c8686325e4714be46e5b92237d09a0ea8a0404033a6")), privParams.GetEncoded()));
}
[Test]
public void TestBasicKeyGenerationShake256128fRobustSign()
{
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(Hex.Decode("7C9935A0B07694AA0C6D10E4DB6B1ADD2FD81A25CCB148032DCD739936737F2DB505D7CFAD1B497499323C8686325E47354D75735F16E03DEC94D1F5B00C213D")) };
FixedSecureRandom random = new FixedSecureRandom(source);
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, SPHINCSPlusParameters.shake_128f));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, SphincsPlusParameters.shake_128f));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
byte[] msg = Hex.Decode("D81C4D8D734FCBFBEADE3D3F8A039FAA2A2C9957E835AD55B22E75BF57BB556AC8");
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
FixedSecureRandom.Source[] source1 =
{new FixedSecureRandom.Source(Hex.Decode("33b3c07507e4201748494d832b6ee2a6"))};
@@ -378,12 +378,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
byte[] sigExpected = Hex.Decode(buf["sm"]);
byte[] oprR = Hex.Decode(buf["optrand"]);
- SPHINCSPlusKeyPairGenerator kpGen = new SPHINCSPlusKeyPairGenerator();
+ SphincsPlusKeyPairGenerator kpGen = new SphincsPlusKeyPairGenerator();
FixedSecureRandom.Source[] source = { new FixedSecureRandom.Source(sk) };
SecureRandom random = new FixedSecureRandom(source);
- SPHINCSPlusParameters parameters;
+ SphincsPlusParameters parameters;
string[] nameParts = SplitOn(name, '-');
bool sha2 = nameParts[0].Equals("sha2");
@@ -442,25 +442,25 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
throw new ArgumentException("unknown complexity");
}
- parameters = (SPHINCSPlusParameters)typeof(SPHINCSPlusParameters).GetField(b.ToString()).GetValue(null);//todo unsure
+ parameters = (SphincsPlusParameters)typeof(SphincsPlusParameters).GetField(b.ToString()).GetValue(null);//todo unsure
//
// Generate keys and test.
//
- kpGen.Init(new SPHINCSPlusKeyGenerationParameters(random, parameters));
+ kpGen.Init(new SphincsPlusKeyGenerationParameters(random, parameters));
AsymmetricCipherKeyPair kp = kpGen.GenerateKeyPair();
- SPHINCSPlusPublicKeyParameters pubParams = (SPHINCSPlusPublicKeyParameters)kp.Public;
- SPHINCSPlusPrivateKeyParameters privParams = (SPHINCSPlusPrivateKeyParameters)kp.Private;
+ SphincsPlusPublicKeyParameters pubParams = (SphincsPlusPublicKeyParameters)kp.Public;
+ SphincsPlusPrivateKeyParameters privParams = (SphincsPlusPrivateKeyParameters)kp.Private;
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.GetParameters().GetEncoded(), pk), pubParams.GetEncoded()), name + " " + count + ": public key");
- Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.GetParameters().GetEncoded(), sk), privParams.GetEncoded()), name + " " + count + ": secret key");
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(pubParams.Parameters.GetEncoded(), pk), pubParams.GetEncoded()), name + " " + count + ": public key");
+ Assert.True(Arrays.AreEqual(Arrays.Concatenate(privParams.Parameters.GetEncoded(), sk), privParams.GetEncoded()), name + " " + count + ": secret key");
//
// Signature test
//
- SPHINCSPlusSigner signer = new SPHINCSPlusSigner();
+ SphincsPlusSigner signer = new SphincsPlusSigner();
FixedSecureRandom.Source[] s1 = { new FixedSecureRandom.Source(oprR) };
signer.Init(true, new ParametersWithRandom(privParams, new FixedSecureRandom(s1)));
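Review bot: The reflection lookup on the renamed line `parameters = (SphincsPlusParameters)typeof(SphincsPlusParameters).GetField(b.ToString()).GetValue(null);//todo unsure` still has no null check, so a vector name that does not map to a declared static field fails with a NullReferenceException instead of naming the offending parameter set, and the `//todo unsure` marker is carried over unresolved. Since the surrounding code already rejects bad input explicitly with `throw new ArgumentException("unknown complexity")`, the lookup should be split so the failure is reported the same way: `var field = typeof(SphincsPlusParameters).GetField(b.ToString());`, `Assert.NotNull(field, name + " " + count + ": unknown parameter set " + b);`, `parameters = (SphincsPlusParameters)field.GetValue(null);`. The comment can then be replaced with one that states the intent, e.g. `// parameter-set field name is assembled from the KAT vector name; see SplitOn above`. How `b` is built is outside this hunk, and the enclosing test method starts before the @@ -378 hunk, so I cannot confirm every generated name matches a field.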