-rw-r--r--crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs104
1 files changed, 18 insertions, 86 deletions
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
index 72fd471d6..fed041046 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
@@ -12,7 +12,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 {
     internal abstract class SphincsPlusEngine
     {
-        bool robust;
+        internal bool robust;
 
         internal int N;
 
@@ -25,12 +25,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
         internal uint D;
         internal int A; // FORS_HEIGHT
         internal int K; // FORS_TREES
-        uint FH; // FULL_HEIGHT
+        internal uint FH; // FULL_HEIGHT
         internal uint H_PRIME; // H / D
 
         internal uint T; // T = 1 << A
 
-        public SphincsPlusEngine(bool robust, int n, uint w, uint d, int a, int k, uint h)
+        internal SphincsPlusEngine(bool robust, int n, uint w, uint d, int a, int k, uint h)
         {
             this.N = n;
 
@@ -347,44 +347,25 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 Array.Copy(adrs.value, Adrs.OFFSET_TREE + 4, rv, 1, 8); // LS 8 bytes Tree address
                 Array.Copy(adrs.value, Adrs.OFFSET_TYPE + 3, rv, 9, 1); // LSB type
                 Array.Copy(adrs.value, 20, rv, 10, 12);
-
                 return rv;
             }
 
             protected byte[] Bitmask(byte[] key, byte[] m)
             {
                 byte[] mask = new byte[m.Length];
-
                 mgf1.Init(new MgfParameters(key));
-
                 mgf1.GenerateBytes(mask, 0, mask.Length);
-
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    mask[i] ^= m[i];
-                }
-
+                Bytes.XorTo(m.Length, m, mask);
                 return mask;
             }
 
             protected byte[] Bitmask(byte[] key, byte[] m1, byte[] m2)
             {
                 byte[] mask = new byte[m1.Length + m2.Length];
-
                 mgf1.Init(new MgfParameters(key));
-
                 mgf1.GenerateBytes(mask, 0, mask.Length);
-
-                for (int i = 0; i < m1.Length; ++i)
-                {
-                    mask[i] ^= m1[i];
-                }
-                for (int i = 0; i < m2.Length; ++i)
-                {
-                    mask[i + m1.Length] ^= m2[i];
-                }
-
-
+                Bytes.XorTo(m1.Length, m1, mask);
+                Bytes.XorTo(m2.Length, m2, 0, mask, m1.Length);
                 return mask;
             }
 
@@ -395,18 +376,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 #endif
             {
                 byte[] mask = new byte[m.Length];
-
                 Mgf1BytesGenerator mgf1 = new Mgf1BytesGenerator(new Sha256Digest());
-
                 mgf1.Init(new MgfParameters(key));
-
                 mgf1.GenerateBytes(mask, 0, mask.Length);
-
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    mask[i] ^= m[i];
-                }
-
+                Bytes.XorTo(m.Length, m, mask);
                 return mask;
             }
         }
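Review bot: This overload still allocates a fresh `Mgf1BytesGenerator` and `Sha256Digest` on every call, whereas the array-based `Bitmask` overloads earlier in the file reuse an `mgf1` field; the signature is hidden behind the `#endif` above, so I can't tell whether this is a different class or a deliberate choice. If it is the same class, `mgf1.Init(new MgfParameters(key));` against the shared field would match the other overloads and avoid a per-call digest allocation inside a hot hashing path. If a fresh generator is intentional, a one-line comment stating why (for example `// separate generator: this overload may run while mgf1 is mid-stream`, if that is the reason) would save the next reader the same question.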
@@ -571,16 +544,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
             protected byte[] Bitmask(byte[] pkSeed, Adrs adrs, byte[] m)
             {
                 byte[] mask = new byte[m.Length];
-
                 maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
                 maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
                 maskDigest.OutputFinal(mask, 0, mask.Length);
-
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    mask[i] ^= m[i];
-                }
-
+                Bytes.XorTo(m.Length, m, mask);
                 return mask;
             }
 
@@ -591,34 +558,20 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 maskDigest.BlockUpdate(pkSeed);
                 maskDigest.BlockUpdate(adrs.value);
                 maskDigest.OutputFinal(mask);
-
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    m[i] ^= mask[i];
-                }
+                Bytes.XorTo(m.Length, mask, m);
             }
 #endif
 
             protected byte[] Bitmask(byte[] pkSeed, Adrs adrs, byte[] m1, byte[] m2)
             {
                 byte[] mask = new byte[m1.Length + m2.Length];
-
                 maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
                 maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
                 maskDigest.OutputFinal(mask, 0, mask.Length);
-
-                for (int i = 0; i < m1.Length; ++i)
-                {
-                    mask[i] ^= m1[i];
-                }
-                for (int i = 0; i < m2.Length; ++i)
-                {
-                    mask[i + m1.Length] ^= m2[i];
-                }
-
+                Bytes.XorTo(m1.Length, m1, mask);
+                Bytes.XorTo(m2.Length, m2, 0, mask, m1.Length);
                 return mask;
             }
-
         }
 
         internal class HarakaSEngine
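Review bot: The `Bytes.XorTo` call at the top of this hunk XORs the mask into the caller's `m` buffer in place, while the `Bitmask` overloads below it allocate and return a new `mask` array, and the two calls use `Bytes.XorTo` with opposite argument order (`mask` into `m` versus `m1`/`m2` into `mask`); none of the three is documented, and the in-place method's signature starts above the hunk. A short XML summary on each would prevent the orderings being "corrected" later: for the in-place one, `/// <summary>Computes the bitmask from pkSeed and adrs and XORs it into <paramref name="m"/> in place.</summary>`; for the array overloads, `/// <summary>Returns a fresh array: the bitmask derived from pkSeed and adrs XORed with m (or with m1 || m2).</summary>`. A comment on the `Bytes.XorTo` convention itself (`// XorTo(count, x, z): z[i] ^= x[i]`) at the first use would also cover the identical calls in the later hunks of this file.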
@@ -649,10 +602,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 {
                     harakaS256Digest.BlockUpdate(adrs.value, 0, adrs.value.Length);
                     harakaS256Digest.DoFinal(hash, 0);
-                    for (int i = 0; i < m1.Length; ++i)
-                    {
-                        hash[i] ^= m1[i];
-                    }
+                    Bytes.XorTo(m1.Length, m1, hash);
                     harakaS512Digest.BlockUpdate(hash, 0, m1.Length);
                 }
                 else
@@ -672,10 +622,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 {
                     harakaS256Digest.BlockUpdate(adrs.value);
                     harakaS256Digest.DoFinal(hash);
-                    for (int i = 0; i < m1.Length; ++i)
-                    {
-                        m1[i] ^= hash[i];
-                    }
+                    Bytes.XorTo(m1.Length, hash, m1);
                 }
 
                 harakaS512Digest.BlockUpdate(adrs.value);
@@ -787,10 +734,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 byte[] mask = new byte[m.Length];
                 harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
                 harakaSXof.OutputFinal(mask, 0, mask.Length);
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    m[i] ^= mask[i];
-                }
+                Bytes.XorTo(m.Length, mask, m);
             }
 
 #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
@@ -799,10 +743,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 Span<byte> mask = stackalloc byte[m.Length];
                 harakaSXof.BlockUpdate(adrs.value);
                 harakaSXof.OutputFinal(mask);
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    m[i] ^= mask[i];
-                }
+                Bytes.XorTo(m.Length, mask, m);
             }
 #endif
         }
@@ -835,10 +776,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 {
                     Span<byte> mask = stackalloc byte[32];
                     Haraka256_X86.Hash(adrs.value, mask, m_harakaS.RoundConstants);
-                    for (int i = 0; i < m1.Length; ++i)
-                    {
-                        buf[32 + i] = (byte)(m1[i] ^ mask[i]);
-                    }
+                    Bytes.Xor(m1.Length, m1, mask, buf[32..]);
                 }
                 else
                 {
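Review bot: The four new-side lines in this hunk (the 32-byte `stackalloc`, the `Haraka256_X86.Hash` call and the `Bytes.Xor` into `buf[32..]`) are repeated verbatim in the next hunk at the same indentation, which suggests two methods of this class share the same masking step; both enclosing methods start and end outside the hunks, so I can't confirm they are otherwise distinct. If they are, a small private helper (for example `private void MaskInto(ReadOnlySpan<byte> m1, Span<byte> dest)` wrapping those three lines) would keep the `m1.Length <= 32` relationship between the mask size and the XOR count in one place rather than two. Either way, a comment such as `// mask is 32 bytes; callers pass m1 of at most N <= 32 bytes` next to the `stackalloc` would document the bound the `Bytes.Xor` count relies on.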
@@ -857,10 +795,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 {
                     Span<byte> mask = stackalloc byte[32];
                     Haraka256_X86.Hash(adrs.value, mask, m_harakaS.RoundConstants);
-                    for (int i = 0; i < m1.Length; ++i)
-                    {
-                        buf[32 + i] = (byte)(m1[i] ^ mask[i]);
-                    }
+                    Bytes.Xor(m1.Length, m1, mask, buf[32..]);
                 }
                 else
                 {
@@ -949,10 +884,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
                 Span<byte> mask = stackalloc byte[m.Length];
                 m_harakaS.BlockUpdate(adrs.value);
                 m_harakaS.OutputFinal(mask);
-                for (int i = 0; i < m.Length; ++i)
-                {
-                    m[i] ^= mask[i];
-                }
+                Bytes.XorTo(m.Length, mask, m);
             }
         }
 #endif