From 6850fa9083d5d51b3e2ae35a021962148b8f9878 Mon Sep 17 00:00:00 2001
From: Peter Dettman <peter.dettman@bouncycastle.org>
Date: Wed, 12 Oct 2022 23:11:38 +0700
Subject: Skip redundant cipher init in Frodo-AES

---
 .../src/pqc/crypto/frodo/FrodoMatrixGenerator.cs   | 30 ++------
 crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs | 81 ++++++++--------------
 2 files changed, 35 insertions(+), 76 deletions(-)

diff --git a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs
index 468e00fbd..ce985c9ab 100644
--- a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs
+++ b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs
@@ -1,9 +1,7 @@
-
-
 using System;
+
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Crypto.Digests;
-using Org.BouncyCastle.Crypto.Engines;
 using Org.BouncyCastle.Crypto.Parameters;
 using Org.BouncyCastle.Crypto.Utilities;
 using Org.BouncyCastle.Utilities;
@@ -62,17 +60,19 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
         internal class Aes128MatrixGenerator
             : FrodoMatrixGenerator
         {
-            BufferedBlockCipher cipher;
+            private readonly IBlockCipher m_cipher;
 
             public Aes128MatrixGenerator(int n, int q)
                 : base(n, q)
             {
-                cipher = new BufferedBlockCipher(AesUtilities.CreateEngine());
-
+                m_cipher = AesUtilities.CreateEngine();
             }
 
             internal override short[] GenMatrix(byte[] seedA)
             {
+                KeyParameter kp = new KeyParameter(seedA);
+                m_cipher.Init(true, kp);
+
                 //        """Generate matrix A using AES-128 (FrodoKEM specification, Algorithm 7)"""
                 //        A = [[None for j in range(self.n)] for i in range(self.n)]
                 short[] A = new short[n * n];
@@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
                         //                struct.pack_into('<H', b, 0, i)
                         //                struct.pack_into('<H', b, 2, j)
                         // 4. c = AES128(seedA, b)
-                        Aes128(c, seedA, b);
+                        m_cipher.ProcessBlock(b, 0, c, 0);
                         // 5. for k = 0; k < 8; k += 1
                         for (int k = 0; k < 8; k++)
                         {
@@ -108,22 +108,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo
 
                 return A;
             }
-
-            void Aes128(byte[] output, byte[] keyBytes, byte[] msg)
-            {
-                try
-                {
-                    KeyParameter kp = new KeyParameter(keyBytes);
-                    cipher.Init(true, kp);
-                    int len = cipher.ProcessBytes(msg, 0, msg.Length, output, 0);
-                    cipher.DoFinal(output, len);
-                }
-                catch (InvalidCipherTextException e)
-                {
-                    throw new Exception(e.ToString(), e);
-                }
-
-            }
         }
     }
 }
\ No newline at end of file
diff --git a/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs b/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs
index 311a5cd3a..1c8c768d2 100644
--- a/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs
+++ b/crypto/test/src/pqc/crypto/test/FrodoVectorTest.cs
@@ -18,14 +18,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
         [Test]
         public void TestParameters()
         {
-            
             FrodoParameters[] parameters = {
-                    FrodoParameters.frodokem19888r3,
-                    FrodoParameters.frodokem19888shaker3,
-                    FrodoParameters.frodokem31296r3,
-                    FrodoParameters.frodokem31296shaker3,
-                    FrodoParameters.frodokem43088r3,
-                    FrodoParameters.frodokem43088shaker3
+                FrodoParameters.frodokem19888r3,
+                FrodoParameters.frodokem19888shaker3,
+                FrodoParameters.frodokem31296r3,
+                FrodoParameters.frodokem31296shaker3,
+                FrodoParameters.frodokem43088r3,
+                FrodoParameters.frodokem43088shaker3
             };
 
             Assert.AreEqual(128, FrodoParameters.frodokem19888r3.DefaultKeySize);
@@ -39,43 +38,24 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
         [Test]
         public void TestVectors()
         {
-            // bool full = System.getProperty("test.full", "false").equals("true");
-            bool full = false;
+            string[] files = {
+                "PQCkemKAT_19888.rsp",
+                "PQCkemKAT_31296.rsp",
+                "PQCkemKAT_43088.rsp",
+                "PQCkemKAT_19888_shake.rsp",
+                "PQCkemKAT_31296_shake.rsp",
+                "PQCkemKAT_43088_shake.rsp"
+            };
+
+            FrodoParameters[] parameters = {
+                FrodoParameters.frodokem19888r3,
+                FrodoParameters.frodokem31296r3,
+                FrodoParameters.frodokem43088r3,
+                FrodoParameters.frodokem19888shaker3,
+                FrodoParameters.frodokem31296shaker3,
+                FrodoParameters.frodokem43088shaker3
+            };
 
-            string[] files;
-            FrodoParameters[] parameters;
-            if (full)
-            {
-                files = new []{
-                    "PQCkemKAT_19888.rsp",
-                    "PQCkemKAT_31296.rsp",
-                    "PQCkemKAT_43088.rsp",
-                    "PQCkemKAT_19888_shake.rsp",
-                    "PQCkemKAT_31296_shake.rsp",
-                    "PQCkemKAT_43088_shake.rsp"
-                };
-
-                parameters = new []{
-                    FrodoParameters.frodokem19888r3,
-                    FrodoParameters.frodokem31296r3,
-                    FrodoParameters.frodokem43088r3,
-                    FrodoParameters.frodokem19888shaker3,
-                    FrodoParameters.frodokem31296shaker3,
-                    FrodoParameters.frodokem43088shaker3
-                };
-            }
-            else
-            {
-                files = new[]{
-                    "PQCkemKAT_19888.rsp",
-                    "PQCkemKAT_19888_shake.rsp",
-                };
-
-                parameters = new[]{
-                    FrodoParameters.frodokem19888r3,
-                    FrodoParameters.frodokem19888shaker3,
-                };
-            }
             TestSampler sampler = new TestSampler();
             for (int fileIndex = 0; fileIndex != files.Length; fileIndex++)
             {
@@ -96,17 +76,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Tests
                     }
                     if (line.Length == 0)
                     {
-                        if (buf.Count > 0 && !sampler.SkipTest(buf["count"]))
+                        if (buf.Count > 0)
                         {
-                            String count = buf["count"];
-                            if (!"0".Equals(count))
-                            {
-                                // randomly skip tests after zero.
-                                // if (rnd.nextBoolean())
-                                // {
-                                //     continue;
-                                // }
-                            }
+                            string count = buf["count"];
+                            if (sampler.SkipTest(count))
+                                continue;
+
                             Console.Write($"test case: {count}");
 
                             byte[] seed = Hex.Decode(buf["seed"]); // seed for nist secure random
-- 
cgit 1.4.1