diff --git a/crypto/src/crypto/IXof.cs b/crypto/src/crypto/IXof.cs
index 8cddb2870..c2d53ca87 100644
--- a/crypto/src/crypto/IXof.cs
+++ b/crypto/src/crypto/IXof.cs
@@ -16,7 +16,7 @@ namespace Org.BouncyCastle.Crypto
/// <param name="outOff">offset to start writing the bytes at.</param>
/// <param name="outLen">the number of output bytes requested.</param>
/// <returns>the number of bytes written</returns>
- int DoFinal(byte[] output, int outOff, int outLen);
+ int OutputFinal(byte[] output, int outOff, int outLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
/// <summary>
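Review bot: Renaming `DoFinal`/`DoOutput` to `OutputFinal`/`Output` on the public `IXof` interface is a source-breaking change, and none of the hunks visible here leave a forwarding member under the old names; the same applies to the second hunk in this file and to the public and protected virtual methods renamed in ShakeDigest, TupleHash, ParallelHash and KMac. External implementers and callers fail at compile time rather than silently, so the risk is upgrade friction, not wrong output. Consider keeping a deprecated forwarder on the concrete classes for one release, e.g. `[Obsolete("Use OutputFinal")] public int DoFinal(byte[] output, int outOff, int outLen) { return OutputFinal(output, outOff, outLen); }`. The two names now differ only by the suffix, and ShakeDigest shows `OutputFinal` is `Output` followed by `Reset()`, so the doc comment could state that explicitly, e.g. `/// Unlike Output, this call resets the XOF after writing.` The interface declaration itself starts outside the hunk.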
@@ -35,7 +35,7 @@ namespace Org.BouncyCastle.Crypto
/// <param name="outOff">offset to start writing the bytes at.</param>
/// <param name="outLen">the number of output bytes requested.</param>
/// <returns>the number of bytes written</returns>
- int DoOutput(byte[] output, int outOff, int outLen);
+ int Output(byte[] output, int outOff, int outLen);
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
/// <summary>
diff --git a/crypto/src/crypto/digests/Blake2xsDigest.cs b/crypto/src/crypto/digests/Blake2xsDigest.cs
index 43bfbac18..ac7e8f611 100644
--- a/crypto/src/crypto/digests/Blake2xsDigest.cs
+++ b/crypto/src/crypto/digests/Blake2xsDigest.cs
@@ -223,7 +223,7 @@ namespace Org.BouncyCastle.Crypto.Digests
*/
public int DoFinal(byte[] output, int outOff)
{
- return DoFinal(output, outOff, digestLength);
+ return OutputFinal(output, outOff, digestLength);
}
/**
@@ -234,9 +234,9 @@ namespace Org.BouncyCastle.Crypto.Digests
* @param outOff offset to start writing the bytes at.
* @param outLen the number of output bytes requested.
*/
- public int DoFinal(byte[] output, int outOff, int outLen)
+ public int OutputFinal(byte[] output, int outOff, int outLen)
{
- int ret = DoOutput(output, outOff, outLen);
+ int ret = Output(output, outOff, outLen);
Reset();
@@ -252,7 +252,7 @@ namespace Org.BouncyCastle.Crypto.Digests
* @param outLen the number of output bytes requested.
* @return the number of bytes written
*/
- public int DoOutput(byte[] output, int outOff, int outLen)
+ public int Output(byte[] output, int outOff, int outLen)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
return Output(output.AsSpan(outOff, outLen));
diff --git a/crypto/src/crypto/digests/Blake3Digest.cs b/crypto/src/crypto/digests/Blake3Digest.cs
index 3b85c8c24..720af805d 100644
--- a/crypto/src/crypto/digests/Blake3Digest.cs
+++ b/crypto/src/crypto/digests/Blake3Digest.cs
@@ -468,11 +468,11 @@ namespace Org.BouncyCastle.Crypto.Digests
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
return OutputFinal(pOutput.AsSpan(pOutOffset, GetDigestSize()));
#else
- return DoFinal(pOutput, pOutOffset, GetDigestSize());
+ return OutputFinal(pOutput, pOutOffset, GetDigestSize());
#endif
}
- public int DoFinal(byte[] pOut, int pOutOffset, int pOutLen)
+ public int OutputFinal(byte[] pOut, int pOutOffset, int pOutLen)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
return OutputFinal(pOut.AsSpan(pOutOffset, pOutLen));
@@ -482,7 +482,7 @@ namespace Org.BouncyCastle.Crypto.Digests
throw new InvalidOperationException(ERR_OUTPUTTING);
/* Build the required output */
- int length = DoOutput(pOut, pOutOffset, pOutLen);
+ int length = Output(pOut, pOutOffset, pOutLen);
/* reset the underlying digest and return the length */
Reset();
@@ -490,7 +490,7 @@ namespace Org.BouncyCastle.Crypto.Digests
#endif
}
- public int DoOutput(byte[] pOut, int pOutOffset, int pOutLen)
+ public int Output(byte[] pOut, int pOutOffset, int pOutLen)
{
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
return Output(pOut.AsSpan(pOutOffset, pOutLen));
diff --git a/crypto/src/crypto/digests/CSHAKEDigest.cs b/crypto/src/crypto/digests/CSHAKEDigest.cs
index fc37b865c..15a6c6da0 100644
--- a/crypto/src/crypto/digests/CSHAKEDigest.cs
+++ b/crypto/src/crypto/digests/CSHAKEDigest.cs
@@ -78,11 +78,11 @@ namespace Org.BouncyCastle.Crypto.Digests
get { return "CSHAKE" + fixedOutputLength; }
}
- public override int DoOutput(byte[] output, int outOff, int outLen)
+ public override int Output(byte[] output, int outOff, int outLen)
{
if (diff == null)
{
- return base.DoOutput(output, outOff, outLen);
+ return base.Output(output, outOff, outLen);
}
if (!squeezing)
diff --git a/crypto/src/crypto/digests/ParallelHash.cs b/crypto/src/crypto/digests/ParallelHash.cs
index 8054b2005..541d7f951 100644
--- a/crypto/src/crypto/digests/ParallelHash.cs
+++ b/crypto/src/crypto/digests/ParallelHash.cs
@@ -170,7 +170,7 @@ namespace Org.BouncyCastle.Crypto.Digests
private void Compress(byte[] buf, int offSet, int len)
{
compressor.BlockUpdate(buf, offSet, len);
- compressor.DoFinal(compressorBuffer, 0, compressorBuffer.Length);
+ compressor.OutputFinal(compressorBuffer, 0, compressorBuffer.Length);
cshake.BlockUpdate(compressorBuffer, 0, compressorBuffer.Length);
@@ -181,7 +181,7 @@ namespace Org.BouncyCastle.Crypto.Digests
private void Compress(ReadOnlySpan<byte> input, int pos, int len)
{
compressor.BlockUpdate(input.Slice(pos, len));
- compressor.DoFinal(compressorBuffer, 0, compressorBuffer.Length);
+ compressor.OutputFinal(compressorBuffer, 0, compressorBuffer.Length);
cshake.BlockUpdate(compressorBuffer, 0, compressorBuffer.Length);
@@ -234,14 +234,14 @@ namespace Org.BouncyCastle.Crypto.Digests
}
#endif
- public virtual int DoFinal(byte[] outBuf, int outOff, int outLen)
+ public virtual int OutputFinal(byte[] outBuf, int outOff, int outLen)
{
if (firstOutput)
{
WrapUp(outputLength);
}
- int rv = cshake.DoFinal(outBuf, outOff, outLen);
+ int rv = cshake.OutputFinal(outBuf, outOff, outLen);
Reset();
@@ -264,14 +264,14 @@ namespace Org.BouncyCastle.Crypto.Digests
}
#endif
- public virtual int DoOutput(byte[] outBuf, int outOff, int outLen)
+ public virtual int Output(byte[] outBuf, int outOff, int outLen)
{
if (firstOutput)
{
WrapUp(0);
}
- return cshake.DoOutput(outBuf, outOff, outLen);
+ return cshake.Output(outBuf, outOff, outLen);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
diff --git a/crypto/src/crypto/digests/ShakeDigest.cs b/crypto/src/crypto/digests/ShakeDigest.cs
index 17d262261..f99d44de9 100644
--- a/crypto/src/crypto/digests/ShakeDigest.cs
+++ b/crypto/src/crypto/digests/ShakeDigest.cs
@@ -53,19 +53,19 @@ namespace Org.BouncyCastle.Crypto.Digests
public override int DoFinal(byte[] output, int outOff)
{
- return DoFinal(output, outOff, GetDigestSize());
+ return OutputFinal(output, outOff, GetDigestSize());
}
- public virtual int DoFinal(byte[] output, int outOff, int outLen)
+ public virtual int OutputFinal(byte[] output, int outOff, int outLen)
{
- int length = DoOutput(output, outOff, outLen);
+ int length = Output(output, outOff, outLen);
Reset();
return length;
}
- public virtual int DoOutput(byte[] output, int outOff, int outLen)
+ public virtual int Output(byte[] output, int outOff, int outLen)
{
if (!squeezing)
{
@@ -110,13 +110,13 @@ namespace Org.BouncyCastle.Crypto.Digests
*/
protected override int DoFinal(byte[] output, int outOff, byte partialByte, int partialBits)
{
- return DoFinal(output, outOff, GetDigestSize(), partialByte, partialBits);
+ return OutputFinal(output, outOff, GetDigestSize(), partialByte, partialBits);
}
/*
* TODO Possible API change to support partial-byte suffixes.
*/
- protected virtual int DoFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits)
+ protected virtual int OutputFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits)
{
if (partialBits < 0 || partialBits > 7)
throw new ArgumentException("must be in the range [0,7]", "partialBits");
diff --git a/crypto/src/crypto/digests/TupleHash.cs b/crypto/src/crypto/digests/TupleHash.cs
index 43030d5d5..a71ffb2c4 100644
--- a/crypto/src/crypto/digests/TupleHash.cs
+++ b/crypto/src/crypto/digests/TupleHash.cs
@@ -89,31 +89,31 @@ namespace Org.BouncyCastle.Crypto.Digests
public virtual int DoFinal(byte[] outBuf, int outOff)
{
- return DoFinal(outBuf, outOff, GetDigestSize());
+ return OutputFinal(outBuf, outOff, GetDigestSize());
}
- public virtual int DoFinal(byte[] outBuf, int outOff, int outLen)
+ public virtual int OutputFinal(byte[] outBuf, int outOff, int outLen)
{
if (firstOutput)
{
WrapUp(GetDigestSize());
}
- int rv = cshake.DoFinal(outBuf, outOff, outLen);
+ int rv = cshake.OutputFinal(outBuf, outOff, outLen);
Reset();
return rv;
}
- public virtual int DoOutput(byte[] outBuf, int outOff, int outLen)
+ public virtual int Output(byte[] outBuf, int outOff, int outLen)
{
if (firstOutput)
{
WrapUp(0);
}
- return cshake.DoOutput(outBuf, outOff, outLen);
+ return cshake.Output(outBuf, outOff, outLen);
}
public virtual void Reset()
diff --git a/crypto/src/crypto/encodings/OaepEncoding.cs b/crypto/src/crypto/encodings/OaepEncoding.cs
index af83a6f77..c151b7ac5 100644
--- a/crypto/src/crypto/encodings/OaepEncoding.cs
+++ b/crypto/src/crypto/encodings/OaepEncoding.cs
@@ -295,7 +295,7 @@ namespace Org.BouncyCastle.Crypto.Encodings
{
byte[] mask = new byte[length];
mgf1Hash.BlockUpdate(Z, zOff, zLen);
- ((IXof)mgf1Hash).DoFinal(mask, 0, mask.Length);
+ ((IXof)mgf1Hash).OutputFinal(mask, 0, mask.Length);
return mask;
}
diff --git a/crypto/src/crypto/macs/KMac.cs b/crypto/src/crypto/macs/KMac.cs
index ce6c9f701..4dd754765 100644
--- a/crypto/src/crypto/macs/KMac.cs
+++ b/crypto/src/crypto/macs/KMac.cs
@@ -61,7 +61,7 @@ namespace Org.BouncyCastle.Crypto.Macs
cshake.BlockUpdate(encOut, 0, encOut.Length);
}
- int rv = cshake.DoFinal(output, outOff, GetMacSize());
+ int rv = cshake.OutputFinal(output, outOff, GetMacSize());
Reset();
@@ -89,7 +89,7 @@ namespace Org.BouncyCastle.Crypto.Macs
}
#endif
- public int DoFinal(byte[] output, int outOff, int outLen)
+ public int OutputFinal(byte[] output, int outOff, int outLen)
{
if (firstOutput)
{
@@ -101,7 +101,7 @@ namespace Org.BouncyCastle.Crypto.Macs
cshake.BlockUpdate(encOut, 0, encOut.Length);
}
- int rv = cshake.DoFinal(output, outOff, outLen);
+ int rv = cshake.OutputFinal(output, outOff, outLen);
Reset();
@@ -129,7 +129,7 @@ namespace Org.BouncyCastle.Crypto.Macs
}
#endif
- public int DoOutput(byte[] output, int outOff, int outLen)
+ public int Output(byte[] output, int outOff, int outLen)
{
if (firstOutput)
{
@@ -143,7 +143,7 @@ namespace Org.BouncyCastle.Crypto.Macs
firstOutput = false;
}
- return cshake.DoOutput(output, outOff, outLen);
+ return cshake.Output(output, outOff, outLen);
}
#if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER
diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs
index 30d4a0aba..7ff9cfbbe 100644
--- a/crypto/src/crypto/signers/Ed448phSigner.cs
+++ b/crypto/src/crypto/signers/Ed448phSigner.cs
@@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Crypto.Signers
throw new InvalidOperationException("Ed448phSigner not initialised for signature generation.");
byte[] msg = new byte[Ed448.PrehashSize];
- if (Ed448.PrehashSize != prehash.DoFinal(msg, 0, Ed448.PrehashSize))
+ if (Ed448.PrehashSize != prehash.OutputFinal(msg, 0, Ed448.PrehashSize))
throw new InvalidOperationException("Prehash digest failed");
byte[] signature = new byte[Ed448PrivateKeyParameters.SignatureSize];
diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs
index b033bb251..6d34e6edd 100644
--- a/crypto/src/crypto/signers/PssSigner.cs
+++ b/crypto/src/crypto/signers/PssSigner.cs
@@ -358,7 +358,7 @@ namespace Org.BouncyCastle.Crypto.Signers
{
byte[] mask = new byte[length];
mgfDigest.BlockUpdate(Z, zOff, zLen);
- ((IXof)mgfDigest).DoFinal(mask, 0, mask.Length);
+ ((IXof)mgfDigest).OutputFinal(mask, 0, mask.Length);
return mask;
}
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs
index 24dab540a..b73aaa7f8 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -403,7 +403,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
byte[] h = new byte[ScalarBytes * 2];
d.BlockUpdate(sk, skOff, SecretKeySize);
- d.DoFinal(h, 0, h.Length);
+ d.OutputFinal(h, 0, h.Length);
byte[] s = new byte[ScalarBytes];
PruneScalar(h, 0, s);
@@ -495,7 +495,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
Dom4(d, phflag, ctx);
d.BlockUpdate(h, ScalarBytes, ScalarBytes);
d.BlockUpdate(m, mOff, mLen);
- d.DoFinal(h, 0, h.Length);
+ d.OutputFinal(h, 0, h.Length);
byte[] r = ReduceScalar(h);
byte[] R = new byte[PointBytes];
@@ -505,7 +505,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
d.BlockUpdate(R, 0, PointBytes);
d.BlockUpdate(pk, pkOff, PointBytes);
d.BlockUpdate(m, mOff, mLen);
- d.DoFinal(h, 0, h.Length);
+ d.OutputFinal(h, 0, h.Length);
byte[] k = ReduceScalar(h);
byte[] S = CalculateS(r, k, s);
@@ -524,7 +524,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
byte[] h = new byte[ScalarBytes * 2];
d.BlockUpdate(sk, skOff, SecretKeySize);
- d.DoFinal(h, 0, h.Length);
+ d.OutputFinal(h, 0, h.Length);
byte[] s = new byte[ScalarBytes];
PruneScalar(h, 0, s);
@@ -545,7 +545,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
byte[] h = new byte[ScalarBytes * 2];
d.BlockUpdate(sk, skOff, SecretKeySize);
- d.DoFinal(h, 0, h.Length);
+ d.OutputFinal(h, 0, h.Length);
byte[] s = new byte[ScalarBytes];
PruneScalar(h, 0, s);
@@ -580,7 +580,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
d.BlockUpdate(R, 0, PointBytes);
d.BlockUpdate(pk, pkOff, PointBytes);
d.BlockUpdate(m, mOff, mLen);
- d.DoFinal(h, 0, h.Length);
+ d.OutputFinal(h, 0, h.Length);
byte[] k = ReduceScalar(h);
@@ -1726,7 +1726,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
public static void SignPrehash(byte[] sk, int skOff, byte[] ctx, IXof ph, byte[] sig, int sigOff)
{
byte[] m = new byte[PrehashSize];
- if (PrehashSize != ph.DoFinal(m, 0, PrehashSize))
+ if (PrehashSize != ph.OutputFinal(m, 0, PrehashSize))
throw new ArgumentException("ph");
byte phflag = 0x01;
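Review bot: The length check after `ph.OutputFinal(m, 0, PrehashSize)` throws `new ArgumentException("ph")`, and the single-string constructor treats that string as the message, so the exception carries the text "ph" and a null `ParamName`. The same line appears in the other `SignPrehash` overload and in `VerifyPrehash` in the two following hunks. A caller that supplies a misbehaving prehash XOF gets little to diagnose with; `throw new ArgumentException("prehash XOF returned an unexpected output length", "ph");` would name both the cause and the parameter. The method body continues outside the hunk.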
@@ -1737,7 +1737,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
public static void SignPrehash(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] ctx, IXof ph, byte[] sig, int sigOff)
{
byte[] m = new byte[PrehashSize];
- if (PrehashSize != ph.DoFinal(m, 0, PrehashSize))
+ if (PrehashSize != ph.OutputFinal(m, 0, PrehashSize))
throw new ArgumentException("ph");
byte phflag = 0x01;
@@ -1791,7 +1791,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
public static bool VerifyPrehash(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] ctx, IXof ph)
{
byte[] m = new byte[PrehashSize];
- if (PrehashSize != ph.DoFinal(m, 0, PrehashSize))
+ if (PrehashSize != ph.OutputFinal(m, 0, PrehashSize))
throw new ArgumentException("ph");
byte phflag = 0x01;
diff --git a/crypto/src/pqc/crypto/cmce/CmceEngine.cs b/crypto/src/pqc/crypto/cmce/CmceEngine.cs
index 41194e8a6..7dd404427 100644
--- a/crypto/src/pqc/crypto/cmce/CmceEngine.cs
+++ b/crypto/src/pqc/crypto/cmce/CmceEngine.cs
@@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256);
digest.Update(64);
digest.BlockUpdate(sk, 0, 32);
- ((IXof)digest).DoFinal(hash, 0, hash.Length);
+ ((IXof)digest).OutputFinal(hash, 0, hash.Length);
for (int i = 0; i < (1 << GFBITS); i++)
{
@@ -123,7 +123,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256);
digest.Update((byte)64);
digest.BlockUpdate(sk, 0, 32); // input
- ((IXof)digest).DoFinal(hash, 0, hash.Length);
+ ((IXof)digest).OutputFinal(hash, 0, hash.Length);
// generate g
@@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
// SeededKeyGen - 1. Compute E = G(δ), a string of n + σ2q + σ1t + l bits. (3488 + 32*4096 + 16*64 + 256)
digest.BlockUpdate(seed_a, 0, seed_a.Length);
digest.BlockUpdate(seed_b, 0, seed_b.Length);
- ((IXof)digest).DoFinal(E, 0, E.Length);
+ ((IXof)digest).OutputFinal(E, 0, E.Length);
// Store the seeds generated
// SeededKeyGen - 2. Define δ′ as the last l bits of E.
@@ -532,7 +532,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256);
digest.Update((byte)0x02);
digest.BlockUpdate(error_vector, 0, error_vector.Length); // input
- ((IXof)digest).DoFinal(cipher_text, SYND_BYTES, cipher_text.Length - SYND_BYTES); // output
+ ((IXof)digest).OutputFinal(cipher_text, SYND_BYTES, cipher_text.Length - SYND_BYTES); // output
/*
2.4.5 Encapsulation
@@ -543,7 +543,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
digest.Update((byte)0x01);
digest.BlockUpdate(error_vector, 0, error_vector.Length);
digest.BlockUpdate(cipher_text, 0, cipher_text.Length); // input
- ((IXof)digest).DoFinal(key, 0, key.Length); // output
+ ((IXof)digest).OutputFinal(key, 0, key.Length); // output
if (usePadding)
{
@@ -598,7 +598,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256);
digest.Update((byte)0x02);
digest.BlockUpdate(error_vector, 0, error_vector.Length); // input
- ((IXof)digest).DoFinal(conf, 0, conf.Length); // output
+ ((IXof)digest).OutputFinal(conf, 0, conf.Length); // output
/*
2.3.3 Decapsulation
@@ -640,7 +640,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce
// = SHAKE256(preimage, 32)
digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256);
digest.BlockUpdate(preimage, 0, preimage.Length); // input
- ((IXof)digest).DoFinal(key, 0, key.Length); // output
+ ((IXof)digest).OutputFinal(key, 0, key.Length); // output
// clear outputs (set to all 1's) if padding bits are not all zero
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
index 9648167d1..4ba769984 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs
@@ -141,7 +141,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
ShakeDigest Shake256Digest = new ShakeDigest(256);
Shake256Digest.BlockUpdate(SeedBuf, 0, SeedBytes);
- Shake256Digest.DoFinal(buf, 0, 2 * SeedBytes + CrhBytes);
+ Shake256Digest.OutputFinal(buf, 0, 2 * SeedBytes + CrhBytes);
rho = Arrays.CopyOfRange(buf, 0, SeedBytes);
rhoPrime = Arrays.CopyOfRange(buf, SeedBytes, SeedBytes + CrhBytes);
@@ -171,7 +171,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
Shake256Digest.BlockUpdate(rho, 0, rho.Length);
Shake256Digest.BlockUpdate(encT1, 0, encT1.Length);
- Shake256Digest.DoFinal(tr, 0, SeedBytes);
+ Shake256Digest.OutputFinal(tr, 0, SeedBytes);
Packing.PackSecretKey(t0_, s1_, s2_, t0, s1, s2, this);
}
@@ -192,7 +192,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
ShakeDigest ShakeDigest256 = new ShakeDigest(256);
ShakeDigest256.BlockUpdate(tr, 0, SeedBytes);
ShakeDigest256.BlockUpdate(msg, 0, msglen);
- ShakeDigest256.DoFinal(mu, 0, CrhBytes);
+ ShakeDigest256.OutputFinal(mu, 0, CrhBytes);
if (_random != null)
{
@@ -203,7 +203,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
byte[] KeyMu = Arrays.CopyOf(key, SeedBytes + CrhBytes);
Array.Copy(mu, 0, KeyMu, SeedBytes, CrhBytes);
ShakeDigest256.BlockUpdate(KeyMu, 0, SeedBytes + CrhBytes);
- ShakeDigest256.DoFinal(rhoPrime, 0, CrhBytes);
+ ShakeDigest256.OutputFinal(rhoPrime, 0, CrhBytes);
}
Matrix.ExpandMatrix(rho);
@@ -229,7 +229,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
ShakeDigest256.BlockUpdate(mu, 0, CrhBytes);
ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes);
- ShakeDigest256.DoFinal(sig, 0, SeedBytes);
+ ShakeDigest256.OutputFinal(sig, 0, SeedBytes);
cp.Challenge(sig);
@@ -311,7 +311,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
ShakeDigest Shake256Digest = new ShakeDigest(256);
Shake256Digest.BlockUpdate(rho, 0, rho.Length);
Shake256Digest.BlockUpdate(encT1, 0, encT1.Length);
- Shake256Digest.DoFinal(mu, 0, SeedBytes);
+ Shake256Digest.OutputFinal(mu, 0, SeedBytes);
Shake256Digest.BlockUpdate(mu, 0, SeedBytes);
Shake256Digest.BlockUpdate(msg, 0, msglen);
@@ -341,7 +341,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
Shake256Digest.BlockUpdate(mu, 0, CrhBytes);
Shake256Digest.BlockUpdate(buf, 0, K * PolyW1PackedBytes);
- Shake256Digest.DoFinal(c2, 0, SeedBytes);
+ Shake256Digest.OutputFinal(c2, 0, SeedBytes);
for (int i = 0; i < SeedBytes; ++i)
{
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs
index 6978796c4..eb209f8a2 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs
@@ -591,7 +591,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
ShakeDigest ShakeDigest256 = new ShakeDigest(256);
ShakeDigest256.BlockUpdate(seed, 0, DilithiumEngine.SeedBytes);
- ShakeDigest256.DoOutput(buf, 0, Symmetric.Stream256BlockBytes);
+ ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes);
signs = 0;
for (i = 0; i < 8; ++i)
@@ -612,7 +612,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
{
if (pos >= Symmetric.Stream256BlockBytes)
{
- ShakeDigest256.DoOutput(buf, 0, Symmetric.Stream256BlockBytes);
+ ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes);
pos = 0;
}
b = (buf[pos++] & 0xFF);
diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs b/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs
index d025b98fd..b3836ef87 100644
--- a/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs
+++ b/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs
@@ -116,12 +116,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium
internal override void Stream128SqueezeBlocks(byte[] output, int offset, int size)
{
- digest128.DoOutput(output, offset, size);
+ digest128.Output(output, offset, size);
}
internal override void Stream256SqueezeBlocks(byte[] output, int offset, int size)
{
- digest256.DoOutput(output, offset, size);
+ digest256.Output(output, offset, size);
}
}
}
diff --git a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs
index b618d7bce..bea8cae54 100644
--- a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs
+++ b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs
@@ -71,7 +71,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
internal override void XofSqueezeBlocks(byte[] output, int outOffset, int outLen)
{
- xof.DoOutput(output, outOffset, outLen);
+ xof.Output(output, outOffset, outLen);
}
internal override void Prf(byte[] output, byte[] seed, byte nonce)
@@ -80,13 +80,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber
Array.Copy(seed, 0, extSeed, 0, seed.Length);
extSeed[seed.Length] = nonce;
shakeDigest.BlockUpdate(extSeed, 0, extSeed.Length);
- shakeDigest.DoFinal(output, 0, output.Length);
+ shakeDigest.OutputFinal(output, 0, output.Length);
}
internal override void Kdf(byte[] output, byte[] input)
{
shakeDigest.BlockUpdate(input, 0, input.Length);
- shakeDigest.DoFinal(output, 0, output.Length);
+ shakeDigest.OutputFinal(output, 0, output.Length);
}
}
diff --git a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs
index 2f9c50921..7fefb4767 100644
--- a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs
+++ b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs
@@ -223,7 +223,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
// 2. Generate pseudorandom seed seedA = SHAKE(z, len_seedA) (length in bits)
byte[] seedA = new byte[len_seedA_bytes];
digest.BlockUpdate(z, 0, z.Length);
- ((IXof) digest).DoFinal(seedA, 0, seedA.Length);
+ ((IXof) digest).OutputFinal(seedA, 0, seedA.Length);
// 3. A = Frodo.Gen(seedA)
short[] A = gen.GenMatrix(seedA);
@@ -233,7 +233,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
digest.Update((byte) 0x5f);
digest.BlockUpdate(seedSE, 0, seedSE.Length);
- ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length);
+ ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length);
short[] r = new short[2 * n * nbar];
for (int i = 0; i < r.Length; i++)
@@ -258,7 +258,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
byte[] pkh = new byte[len_pkh_bytes];
digest.BlockUpdate(pk, 0, pk.Length);
- ((IXof) digest).DoFinal(pkh, 0, pkh.Length);
+ ((IXof) digest).OutputFinal(pkh, 0, pkh.Length);
//10. sk = (s || seedA || b, S^T, pkh)
Array.Copy(Arrays.Concatenate(s, pk), 0,
@@ -377,13 +377,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
// 2. pkh = SHAKE(pk, len_pkh)
byte[] pkh = new byte[len_pkh_bytes];
digest.BlockUpdate(pk, 0, len_pk_bytes);
- ((IXof) digest).DoFinal(pkh, 0, len_pkh_bytes);
+ ((IXof) digest).OutputFinal(pkh, 0, len_pkh_bytes);
// 3. seedSE || k = SHAKE(pkh || mu, len_seedSE + len_k) (length in bits)
byte[] seedSE_k = new byte[len_seedSE + len_k];
digest.BlockUpdate(pkh, 0, len_pkh_bytes);
digest.BlockUpdate(mu, 0, len_mu_bytes);
- ((IXof) digest).DoFinal(seedSE_k, 0, len_seedSE_bytes + len_k_bytes);
+ ((IXof) digest).OutputFinal(seedSE_k, 0, len_seedSE_bytes + len_k_bytes);
byte[] seedSE = Arrays.CopyOfRange(seedSE_k, 0, len_seedSE_bytes);
byte[] k = Arrays.CopyOfRange(seedSE_k, len_seedSE_bytes, len_seedSE_bytes + len_k_bytes);
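Review bot: The buffer `seedSE_k` is allocated as `new byte[len_seedSE + len_k]`, but the `OutputFinal` call and both `CopyOfRange` calls use `len_seedSE_bytes + len_k_bytes`. If the un-suffixed fields are bit lengths, as the step comment suggests, the array is larger than what is ever written; the decapsulation path in a later hunk sizes the matching buffer with the `_bytes` fields. That is harmless as far as this hunk shows, but for key-derivation material the allocation should match the written length: `byte[] seedSE_k = new byte[len_seedSE_bytes + len_k_bytes];`. A similar mismatch is visible in the decapsulation hunk, where `rbytes` is sized with `mbar * mbar` while `r` uses `mbar * nbar`. The field definitions are outside the hunk, so both points should be confirmed against them.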
@@ -392,7 +392,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
byte[] rbytes = new byte[(2 * mbar * n + mbar * nbar) * len_chi_bytes];
digest.Update((byte) 0x96);
digest.BlockUpdate(seedSE, 0, seedSE.Length);
- ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length);
+ ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length);
short[] r = new short[rbytes.Length / 2];
for (int i = 0; i < r.Length; i++)
@@ -436,7 +436,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
digest.BlockUpdate(c1, 0, c1.Length);
digest.BlockUpdate(c2, 0, c2.Length);
digest.BlockUpdate(k, 0, len_k_bytes);
- ((IXof) digest).DoFinal(ss, 0, len_s_bytes);
+ ((IXof) digest).OutputFinal(ss, 0, len_s_bytes);
}
private short[] MatrixSub(short[] X, short[] Y, int n1, int n2)
@@ -568,7 +568,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
byte[] seedSEprime_kprime = new byte[len_seedSE_bytes + len_k_bytes];
digest.BlockUpdate(pkh, 0, len_pkh_bytes);
digest.BlockUpdate(muprime, 0, len_mu_bytes);
- ((IXof) digest).DoFinal(seedSEprime_kprime, 0, len_seedSE_bytes + len_k_bytes);
+ ((IXof) digest).OutputFinal(seedSEprime_kprime, 0, len_seedSE_bytes + len_k_bytes);
byte[] kprime = Arrays.CopyOfRange(seedSEprime_kprime, len_seedSE_bytes, len_seedSE_bytes + len_k_bytes);
@@ -576,7 +576,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
byte[] rbytes = new byte[(2 * mbar * n + mbar * mbar) * len_chi_bytes];
digest.Update((byte) 0x96);
digest.BlockUpdate(seedSEprime_kprime, 0, len_seedSE_bytes);
- ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length);
+ ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length);
short[] r = new short[2 * mbar * n + mbar * nbar];
for (int i = 0; i < r.Length; i++)
@@ -620,7 +620,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
digest.BlockUpdate(c1, 0, c1.Length);
digest.BlockUpdate(c2, 0, c2.Length);
digest.BlockUpdate(kbar, 0, kbar.Length);
- ((IXof) digest).DoFinal(ss, 0, len_ss_bytes);
+ ((IXof) digest).OutputFinal(ss, 0, len_ss_bytes);
}
}
diff --git a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs
index 01f1016a7..468e00fbd 100644
--- a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs
+++ b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs
@@ -46,7 +46,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
// 2. c_{i,0} || c_{i,1} || ... || c_{i,n-1} = SHAKE128(b, 16n) (length in bits) where each c_{i,j} is parsed as a 16-bit integer in little-endian byte order format
IXof digest = new ShakeDigest(128);
digest.BlockUpdate(b, 0, b.Length);
- digest.DoFinal(tmp, 0, tmp.Length);
+ digest.OutputFinal(tmp, 0, tmp.Length);
for (j = 0; j < n; j++)
{
A[i * n + j] = (short) (Pack.LE_To_UInt16(tmp, 2 * j) % q);//todo add % q
diff --git a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs
index 605a27764..0e2a4b54f 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs
@@ -1508,7 +1508,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
/* Hash the salt & message */
digest.BlockUpdate(salt, 0, saltSizeBytes);
digest.BlockUpdate(message, 0, message.Length);
- digest.DoFinal(hash, 0, digestSizeBytes);
+ digest.OutputFinal(hash, 0, digestSizeBytes);
/* Convert hash to a packed string of values in {0,1,2} */
int round = 0;
@@ -1548,7 +1548,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
/* We need more bits; hash set hash = H_1(hash) */
digest.Update((byte) 1);
digest.BlockUpdate(hash, 0, digestSizeBytes);
- digest.DoFinal(hash, 0, digestSizeBytes);
+ digest.OutputFinal(hash, 0, digestSizeBytes);
}
}
@@ -1569,7 +1569,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
/* Hash the seed with H_5, store digest in output */
digest.Update((byte) 5);
digest.BlockUpdate(seed, seedOffset, seedSizeBytes);
- digest.DoFinal(output, 0, digestSizeBytes);
+ digest.OutputFinal(output, 0, digestSizeBytes);
/* Hash H_5(seed), the view, and the length */
digest.BlockUpdate(output, 0, digestSizeBytes);
@@ -1582,7 +1582,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(view.communicatedBits, 0, andSizeBytes);
digest.BlockUpdate(Pack.UInt32_To_LE((uint)outputBytes), 0, 2);
- digest.DoFinal(output, 0, outputBytes);
+ digest.OutputFinal(output, 0, outputBytes);
}
private void mpc_LowMC(Tape tapes, View[] views, uint[] plaintext, uint[] slab)
@@ -1635,7 +1635,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
/* Hash the seed, store result in `hash` */
digest.Update((byte) 4);
digest.BlockUpdate(seed, seedOffset, seedSizeBytes);
- digest.DoFinal(hash, 0, digestSizeBytes);
+ digest.OutputFinal(hash, 0, digestSizeBytes);
/* Compute H_0(H_4(seed), view) */
digest.Update((byte) 0);
@@ -1643,7 +1643,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(Pack.UInt32_To_LE(view.inputShare), 0, stateSizeBytes);
digest.BlockUpdate(view.communicatedBits, 0, andSizeBytes);
digest.BlockUpdate(Pack.UInt32_To_LE(view.outputShare), 0, stateSizeBytes);
- digest.DoFinal(hash, 0, digestSizeBytes);
+ digest.OutputFinal(hash, 0, digestSizeBytes);
}
private void mpc_substitution(uint[] state, Tape rand, View[] views)
@@ -1747,7 +1747,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
/* Hash the seed and a constant, store the result in tape. */
digest.Update((byte) 2);
digest.BlockUpdate(seed, seedOffset, seedSizeBytes);
- digest.DoFinal(tape, 0, digestSizeBytes);
+ digest.OutputFinal(tape, 0, digestSizeBytes);
// Console.Error.Write("tape: " + Hex.toHexString(tape));
/* Expand the hashed seed, salt, round and player indices, and output
@@ -1757,7 +1757,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(Pack.UInt32_To_LE(roundNumber), 0, 2);
digest.BlockUpdate(Pack.UInt32_To_LE(playerNumber), 0, 2);
digest.BlockUpdate(Pack.UInt32_To_LE((uint)tapeLen), 0, 2);
- digest.DoFinal(tape, 0, tapeLen);
+ digest.OutputFinal(tape, 0, tapeLen);
return true;
}
@@ -1773,7 +1773,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(Pack.UInt32_To_LE((uint)stateSizeBits), 0, 2);
// Derive the N*T seeds + 1 salt
- digest.DoFinal(allSeeds, 0, seedSizeBytes * (numMPCParties * numMPCRounds) + saltSizeBytes);
+ digest.OutputFinal(allSeeds, 0, seedSizeBytes * (numMPCParties * numMPCRounds) + saltSizeBytes);
return allSeeds;
}
@@ -1963,7 +1963,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(Pack.UInt32_To_LE(pubKey), 0, stateSizeBytes);
digest.BlockUpdate(Pack.UInt32_To_LE(plaintext), 0, stateSizeBytes);
digest.BlockUpdate(message, 0, message.Length);
- digest.DoFinal(challengeHash, 0, digestSizeBytes);
+ digest.OutputFinal(challengeHash, 0, digestSizeBytes);
if ((challengeC != null) && (challengeP != null))
{
@@ -2041,7 +2041,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.Update((byte) 1);
digest.BlockUpdate(h, 0, digestSizeBytes);
- digest.DoFinal(h, 0, digestSizeBytes);
+ digest.OutputFinal(h, 0, digestSizeBytes);
}
// Note that we always compute h = H(h) after setting C
@@ -2066,7 +2066,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.Update((byte) 1);
digest.BlockUpdate(h, 0, digestSizeBytes);
- digest.DoFinal(h, 0, digestSizeBytes);
+ digest.OutputFinal(h, 0, digestSizeBytes);
}
}
@@ -2077,7 +2077,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(C[i], 0, digestSizeBytes);
}
- digest.DoFinal(digest_arr, 0, digestSizeBytes);
+ digest.OutputFinal(digest_arr, 0, digestSizeBytes);
}
private void commit_v(byte[] digest_arr, byte[] input, Msg msg)
@@ -2089,7 +2089,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(msg.msgs[i], 0, msgs_size);
}
- digest.DoFinal(digest_arr, 0, digestSizeBytes);
+ digest.OutputFinal(digest_arr, 0, digestSizeBytes);
}
private int SimulateOnline(uint[] maskedKey, Tape tape, uint[] tmp_shares,
@@ -2139,7 +2139,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(salt, 0, saltSizeBytes);
digest.BlockUpdate(Pack.UInt32_To_LE(t), 0, 2);
digest.BlockUpdate(Pack.UInt32_To_LE(i), 0, 2);
- digest.DoFinal(tape.tapes[i], 0, tapeSizeBytes);
+ digest.OutputFinal(tape.tapes[i], 0, tapeSizeBytes);
}
}
@@ -2314,7 +2314,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(salt, 0, saltSizeBytes);
digest.BlockUpdate(Pack.UInt32_To_LE(t), 0, 2);
digest.BlockUpdate(Pack.UInt32_To_LE(j), 0, 2);
- digest.DoFinal(digest_arr, 0, digestSizeBytes);
+ digest.OutputFinal(digest_arr, 0, digestSizeBytes);
}
private void ComputeSaltAndRootSeed(byte[] saltAndRoot, uint[] privateKey, uint[] pubKey, uint[] plaintext, byte[] message)
@@ -2338,7 +2338,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
digest.BlockUpdate(pubkey_bytes, 0, stateSizeBytes);
digest.BlockUpdate(plaintext_bytes, 0, stateSizeBytes);
digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (stateSizeBits & 0xffff)), 0, 2);
- digest.DoFinal(saltAndRoot, 0, saltAndRoot.Length);
+ digest.OutputFinal(saltAndRoot, 0, saltAndRoot.Length);
}
static bool is_picnic3(int parameters)
diff --git a/crypto/src/pqc/crypto/picnic/Tree.cs b/crypto/src/pqc/crypto/picnic/Tree.cs
index 36efea831..50f844a52 100644
--- a/crypto/src/pqc/crypto/picnic/Tree.cs
+++ b/crypto/src/pqc/crypto/picnic/Tree.cs
@@ -450,7 +450,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
engine.digest.BlockUpdate(salt, 0, PicnicEngine.saltSizeBytes);
engine.digest.BlockUpdate(Pack.UInt32_To_LE(parent), 0, 2);
- engine.digest.DoFinal(this.nodes[parent], 0, engine.digestSizeBytes);
+ engine.digest.OutputFinal(this.nodes[parent], 0, engine.digestSizeBytes);
this.haveNode[parent] = true;
}
@@ -545,7 +545,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
engine.digest.BlockUpdate(salt, 0, PicnicEngine.saltSizeBytes);
engine.digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (repIndex & 0xffff)), 0, 2); //todo check endianness
engine.digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (nodeIndex & 0xffff)), 0, 2); //todo check endianness
- engine.digest.DoFinal(digest_arr, 0, 2 * engine.seedSizeBytes);
+ engine.digest.OutputFinal(digest_arr, 0, 2 * engine.seedSizeBytes);
// System.out.println("hash: " + Hex.toHexString(digest_arr));
}
diff --git a/crypto/src/pqc/crypto/saber/Poly.cs b/crypto/src/pqc/crypto/saber/Poly.cs
index f36b62031..021f1d0e3 100644
--- a/crypto/src/pqc/crypto/saber/Poly.cs
+++ b/crypto/src/pqc/crypto/saber/Poly.cs
@@ -39,7 +39,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber
IXof digest = new ShakeDigest(128);
digest.BlockUpdate(seed, 0, engine.getSABER_SEEDBYTES());
- digest.DoFinal(buf, 0, buf.Length);
+ digest.OutputFinal(buf, 0, buf.Length);
for (i = 0; i < SABER_L; i++)
{
@@ -53,7 +53,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber
int i;
IXof digest = new ShakeDigest(128);
digest.BlockUpdate(seed, 0, engine.getSABER_NOISE_SEEDBYTES());
- digest.DoFinal(buf, 0, buf.Length);
+ digest.OutputFinal(buf, 0, buf.Length);
for (i = 0; i < SABER_L; i++)
{
diff --git a/crypto/src/pqc/crypto/saber/SABEREngine.cs b/crypto/src/pqc/crypto/saber/SABEREngine.cs
index 38efdd8f3..a7c8d3ff9 100644
--- a/crypto/src/pqc/crypto/saber/SABEREngine.cs
+++ b/crypto/src/pqc/crypto/saber/SABEREngine.cs
@@ -204,7 +204,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber
IXof digest = new ShakeDigest(128);
digest.BlockUpdate(seed_A, 0, SABER_SEEDBYTES);
- digest.DoFinal(seed_A, 0, SABER_SEEDBYTES);
+ digest.OutputFinal(seed_A, 0, SABER_SEEDBYTES);
random.NextBytes(seed_s);
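Review bot: The in-place call `digest.OutputFinal(seed_A, 0, SABER_SEEDBYTES)` has no comment explaining why `seed_A` is replaced by its own SHAKE-128 output, and the step is easy to mistake for redundant work and remove. Assuming `seed_A` is filled from `random` just above the hunk (not visible here), the hash keeps raw RNG output out of the published seed, which is the reason the Saber reference implementation gives for it. I would add `// hash seed_A so raw RNG output is never published` above the `BlockUpdate` line. The enclosing method starts and ends outside the hunk.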
diff --git a/crypto/src/pqc/crypto/sike/SIKEEngine.cs b/crypto/src/pqc/crypto/sike/SIKEEngine.cs
index de1ed1ed5..e7b218589 100644
--- a/crypto/src/pqc/crypto/sike/SIKEEngine.cs
+++ b/crypto/src/pqc/crypto/sike/SIKEEngine.cs
@@ -126,7 +126,7 @@ internal class SIKEEngine
IXof digest = new ShakeDigest(256);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk, 0, (int) param.SECRETKEY_B_BYTES);
+ digest.OutputFinal(ephemeralsk, 0, (int) param.SECRETKEY_B_BYTES);
sidhCompressed.FormatPrivKey_B(ephemeralsk);
@@ -144,7 +144,7 @@ internal class SIKEEngine
// System.out.println("jinv: " + Hex.toHexstring(jinvariant));
digest.BlockUpdate(jinvariant, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h, 0, (int) param.MSG_BYTES);
// System.out.println("h: " + Hex.toHexstring(h));
// System.out.println("temp: " + Hex.toHexstring(temp));
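Review bot: The `digest.BlockUpdate(jinvariant, ...)` / `digest.OutputFinal(h, ...)` pair reuses a `digest` that is not created in this hunk, so it presumably relies on the preceding `OutputFinal` having reset the XOF, and nothing here says so. With the new names, `Output` and `OutputFinal` differ only by a suffix, and calling the non-resetting one at this point would still compile. A short comment at the first reuse, such as `// OutputFinal resets the XOF, so digest starts clean for the next hash`, would document that dependency. The -158 hunk and the matching ones in the other branches of this file reuse `digest` the same way, and the enclosing method starts and ends outside the hunk.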
@@ -158,7 +158,7 @@ internal class SIKEEngine
System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
return 0;
}
else
@@ -174,7 +174,7 @@ internal class SIKEEngine
IXof digest = new ShakeDigest(256);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk, 0, (int) param.SECRETKEY_A_BYTES);
+ digest.OutputFinal(ephemeralsk, 0, (int) param.SECRETKEY_A_BYTES);
ephemeralsk[param.SECRETKEY_A_BYTES - 1] &= (byte) param.MASK_ALICE;
// Encrypt
@@ -182,7 +182,7 @@ internal class SIKEEngine
sidh.EphemeralSecretAgreement_A(ephemeralsk, pk, jinvariant);
digest.BlockUpdate(jinvariant, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h, 0, (int) param.MSG_BYTES);
for (int i = 0; i < param.MSG_BYTES; i++)
{
@@ -193,7 +193,7 @@ internal class SIKEEngine
System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
return 0;
}
@@ -218,7 +218,7 @@ internal class SIKEEngine
IXof digest = new ShakeDigest(256);
digest.BlockUpdate(jinvariant_, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h_, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h_, 0, (int) param.MSG_BYTES);
// System.out.println("h_: " + Hex.toHexstring(h_));
@@ -231,7 +231,7 @@ internal class SIKEEngine
System.Array.Copy(sk, param.MSG_BYTES + param.SECRETKEY_A_BYTES, temp, param.MSG_BYTES, param.CRYPTO_PUBLICKEYBYTES);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk_, 0, (int) param.SECRETKEY_B_BYTES);
+ digest.OutputFinal(ephemeralsk_, 0, (int) param.SECRETKEY_B_BYTES);
sidhCompressed.FormatPrivKey_B(ephemeralsk_);
// Generate shared secret ss <- H(m||ct), or output ss <- H(s||ct) in case of ct verification failure
@@ -242,7 +242,7 @@ internal class SIKEEngine
System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
return 0;
}
@@ -260,7 +260,7 @@ internal class SIKEEngine
IXof digest = new ShakeDigest(256);
digest.BlockUpdate(jinvariant_, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h_, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h_, 0, (int) param.MSG_BYTES);
for (int i = 0; i < param.MSG_BYTES; i++)
{
temp[i] = (byte) (ct[i + param.CRYPTO_PUBLICKEYBYTES] ^ h_[i]);
@@ -270,7 +270,7 @@ internal class SIKEEngine
System.Array.Copy(sk, param.MSG_BYTES + param.SECRETKEY_B_BYTES, temp, param.MSG_BYTES, param.CRYPTO_PUBLICKEYBYTES);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk_, 0, (int) param.SECRETKEY_A_BYTES);
+ digest.OutputFinal(ephemeralsk_, 0, (int) param.SECRETKEY_A_BYTES);
ephemeralsk_[param.SECRETKEY_A_BYTES - 1] &= (byte) param.MASK_ALICE;
@@ -283,7 +283,7 @@ internal class SIKEEngine
System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
return 0;
}
diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs
index 86c2f8fbb..f55a87778 100644
--- a/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs
@@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
byte[] buf = new byte[640];
BlockUpdate(pkSeed, 0, pkSeed.Length);
- DoFinal(buf, 0, buf.Length);
+ OutputFinal(buf, 0, buf.Length);
haraka512_rc = new ulong[10][];
haraka256_rc = new uint[10][];
for (int i = 0; i < 10; ++i)
@@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
}
}
- public int DoFinal(byte[] output, int outOff, int len)
+ public int OutputFinal(byte[] output, int outOff, int len)
{
int outLen = len;
diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs
index a625cb32d..35d7c883e 100644
--- a/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs
@@ -114,7 +114,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return OutputFinal(output[..32]);
}
- public int DoOutput(byte[] output, int outOff, int outLen)
+ public int Output(byte[] output, int outOff, int outLen)
{
return Output(output.AsSpan(outOff, outLen));
}
@@ -157,7 +157,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
return result;
}
- public int DoFinal(byte[] output, int outOff, int outLen)
+ public int OutputFinal(byte[] output, int outOff, int outLen)
{
return OutputFinal(output.AsSpan(outOff, outLen));
}
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
index 86e93383c..3c295c3bd 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
@@ -372,7 +372,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
treeDigest.BlockUpdate(mTheta, 0, mTheta.Length);
- treeDigest.DoFinal(rv, 0, rv.Length);
+ treeDigest.OutputFinal(rv, 0, rv.Length);
return rv;
}
@@ -395,7 +395,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
treeDigest.BlockUpdate(m2, 0, m2.Length);
}
- treeDigest.DoFinal(rv, 0, rv.Length);
+ treeDigest.OutputFinal(rv, 0, rv.Length);
return rv;
}
@@ -414,7 +414,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
treeDigest.BlockUpdate(pkRoot, 0, pkRoot.Length);
treeDigest.BlockUpdate(message, 0, message.Length);
- treeDigest.DoFinal(output, 0, output.Length);
+ treeDigest.OutputFinal(output, 0, output.Length);
// tree index
// currently, only indexes up to 64 bits are supported
@@ -440,7 +440,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
treeDigest.BlockUpdate(mTheta, 0, mTheta.Length);
- treeDigest.DoFinal(rv, 0, rv.Length);
+ treeDigest.OutputFinal(rv, 0, rv.Length);
return rv;
}
@@ -450,7 +450,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
treeDigest.BlockUpdate(skSeed, 0, skSeed.Length);
- treeDigest.DoFinal(prf, prfOff, N);
+ treeDigest.OutputFinal(prf, prfOff, N);
}
public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message)
@@ -459,7 +459,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
treeDigest.BlockUpdate(randomiser, 0, randomiser.Length);
treeDigest.BlockUpdate(message, 0, message.Length);
byte[] output = new byte[N];
- treeDigest.DoFinal(output, 0, output.Length);
+ treeDigest.OutputFinal(output, 0, output.Length);
return output;
}
@@ -469,8 +469,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
-
- maskDigest.DoFinal(mask, 0, mask.Length);
+ maskDigest.OutputFinal(mask, 0, mask.Length);
for (int i = 0; i < m.Length; ++i)
{
@@ -486,8 +485,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
-
- maskDigest.DoFinal(mask, 0, mask.Length);
+ maskDigest.OutputFinal(mask, 0, mask.Length);
for (int i = 0; i < m1.Length; ++i)
{
@@ -555,7 +553,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
m = Bitmask(adrs, m);
harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
harakaSXof.BlockUpdate(m, 0, m.Length);
- harakaSXof.DoFinal(rv, 0, rv.Length);
+ harakaSXof.OutputFinal(rv, 0, rv.Length);
return rv;
}
@@ -571,7 +569,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
harakaSXof.BlockUpdate(prf, 0, prf.Length);
harakaSXof.BlockUpdate(pkRoot, 0, pkRoot.Length);
harakaSXof.BlockUpdate(message, 0, message.Length);
- harakaSXof.DoFinal(output, 0, output.Length);
+ harakaSXof.OutputFinal(output, 0, output.Length);
// tree index
// currently, only indexes up to 64 bits are supported
@@ -590,7 +588,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
m = Bitmask(adrs, m);
harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
harakaSXof.BlockUpdate(m, 0, m.Length);
- harakaSXof.DoFinal(rv, 0, rv.Length);
+ harakaSXof.OutputFinal(rv, 0, rv.Length);
return rv;
}
@@ -609,7 +607,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
harakaSXof.BlockUpdate(prf, 0, prf.Length);
harakaSXof.BlockUpdate(randomiser, 0, randomiser.Length);
harakaSXof.BlockUpdate(message, 0, message.Length);
- harakaSXof.DoFinal(rv, 0, rv.Length);
+ harakaSXof.OutputFinal(rv, 0, rv.Length);
return rv;
}
@@ -619,7 +617,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
{
byte[] mask = new byte[m.Length];
harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
- harakaSXof.DoFinal(mask, 0, mask.Length);
+ harakaSXof.OutputFinal(mask, 0, mask.Length);
for (int i = 0; i < m.Length; ++i)
{
m[i] ^= mask[i];