diff options
-rw-r--r-- | crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs | 26 | ||||
-rw-r--r-- | crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs | 7 |
2 files changed, 16 insertions, 17 deletions
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs index 4ba769984..27f1a59cd 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs @@ -17,6 +17,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium public const int RootOfUnity = 1753; public const int SeedBytes = 32; public const int CrhBytes = 64; + public const int RndBytes = 32; + public const int TrBytes = 64; public const int PolyT1PackedBytes = 320; public const int PolyT0PackedBytes = 416; @@ -126,7 +128,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium byte[] buf = new byte[2 * SeedBytes + CrhBytes]; byte[] rhoPrime = new byte[CrhBytes]; - tr = new byte[SeedBytes]; + tr = new byte[TrBytes]; rho = new byte[SeedBytes]; key = new byte[SeedBytes]; s1_ = new byte[L * PolyEtaPackedBytes]; @@ -171,7 +173,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Shake256Digest.BlockUpdate(rho, 0, rho.Length); Shake256Digest.BlockUpdate(encT1, 0, encT1.Length); - Shake256Digest.OutputFinal(tr, 0, SeedBytes); + Shake256Digest.OutputFinal(tr, 0, TrBytes); Packing.PackSecretKey(t0_, s1_, s2_, t0, s1, s2, this); } @@ -190,21 +192,21 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Packing.UnpackSecretKey(t0, s1, s2, t0Enc, s1Enc, s2Enc, this); ShakeDigest ShakeDigest256 = new ShakeDigest(256); - ShakeDigest256.BlockUpdate(tr, 0, SeedBytes); + ShakeDigest256.BlockUpdate(tr, 0, TrBytes); ShakeDigest256.BlockUpdate(msg, 0, msglen); ShakeDigest256.OutputFinal(mu, 0, CrhBytes); + byte[] rnd = new byte[RndBytes]; if (_random != null) { _random.NextBytes(rhoPrime); } - else - { - byte[] KeyMu = Arrays.CopyOf(key, SeedBytes + CrhBytes); - Array.Copy(mu, 0, KeyMu, SeedBytes, CrhBytes); - ShakeDigest256.BlockUpdate(KeyMu, 0, SeedBytes + CrhBytes); - ShakeDigest256.OutputFinal(rhoPrime, 0, CrhBytes); - } + + byte[] KeyMu = Arrays.CopyOf(key, SeedBytes + RndBytes + CrhBytes); + Array.Copy(mu, 0, KeyMu, SeedBytes, RndBytes); + Array.Copy(mu, 0, KeyMu, SeedBytes + RndBytes, CrhBytes); + ShakeDigest256.BlockUpdate(KeyMu, 0, SeedBytes + RndBytes + CrhBytes); + ShakeDigest256.OutputFinal(rhoPrime, 0, CrhBytes); Matrix.ExpandMatrix(rho); @@ -311,9 +313,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest Shake256Digest = new ShakeDigest(256); Shake256Digest.BlockUpdate(rho, 0, rho.Length); Shake256Digest.BlockUpdate(encT1, 0, encT1.Length); - Shake256Digest.OutputFinal(mu, 0, SeedBytes); + Shake256Digest.OutputFinal(mu, 0, TrBytes); - Shake256Digest.BlockUpdate(mu, 0, SeedBytes); + Shake256Digest.BlockUpdate(mu, 0, TrBytes); Shake256Digest.BlockUpdate(msg, 0, msglen); Shake256Digest.DoFinal(mu, 0); diff --git a/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs b/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs index 132bd73b3..b7e4adf7c 100644 --- a/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs +++ b/crypto/src/pqc/crypto/crystals/kyber/KyberEngine.cs @@ -122,7 +122,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber m_random.NextBytes(randBytes, 0, SymBytes); - Symmetric.Hash_h(randBytes, randBytes, 0); Array.Copy(randBytes, 0, buf, 0, SymBytes); Symmetric.Hash_h(buf, pk, SymBytes); @@ -131,9 +130,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber m_indCpa.Encrypt(cipherText, Arrays.CopyOfRange(buf, 0, SymBytes), pk, Arrays.CopyOfRange(kr, SymBytes, 2 * SymBytes)); - Symmetric.Hash_h(kr, cipherText, SymBytes); - - Symmetric.Kdf(sharedSecret, kr); + Array.Copy(kr, 0, sharedSecret, 0, sharedSecret.Length); } internal void KemDecrypt(byte[] sharedSecret, byte[] cipherText, byte[] secretKey) @@ -155,7 +152,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber CMov(kr, Arrays.CopyOfRange(secretKey, SecretKeyBytes - SymBytes, SecretKeyBytes), SymBytes, fail); - Symmetric.Kdf(sharedSecret, kr); + Array.Copy(kr, 0, sharedSecret, 0, sharedSecret.Length); } private void CMov(byte[] r, byte[] x, int len, bool b) |