From d25cabfeb6ba5e73396961724e457bb627086cbd Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Tue, 8 Nov 2022 11:40:35 +0700 Subject: Pqc cleanup --- crypto/src/openpgp/PgpUtilities.cs | 1 - crypto/src/pkcs/PrivateKeyInfoFactory.cs | 18 - crypto/src/pqc/crypto/bike/BikeKemExtractor.cs | 4 - crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs | 3 - crypto/src/pqc/crypto/frodo/FrodoKEMGenerator.cs | 6 +- crypto/src/pqc/crypto/ntru/NtruKemExtractor.cs | 3 +- crypto/src/pqc/crypto/ntru/NtruKemGenerator.cs | 2 +- crypto/src/pqc/crypto/ntru/NtruKeyPairGenerator.cs | 1 + crypto/src/pqc/crypto/ntru/NtruSampling.cs | 1 + crypto/src/pqc/crypto/ntru/owcpa/NtruOwcpa.cs | 1 + .../crypto/ntru/polynomials/Hps4096Polynomial.cs | 2 +- .../pqc/crypto/ntru/polynomials/HpsPolynomial.cs | 3 +- crypto/src/pqc/crypto/picnic/LowmcConstants.cs | 620 ++++++++++----------- crypto/src/pqc/crypto/picnic/PicnicEngine.cs | 154 ++--- .../crypto/picnic/PicnicKeyGenerationParameters.cs | 13 +- .../pqc/crypto/picnic/PicnicKeyPairGenerator.cs | 4 +- .../src/pqc/crypto/picnic/PicnicKeyParameters.cs | 12 +- crypto/src/pqc/crypto/picnic/PicnicParameters.cs | 2 - .../crypto/picnic/PicnicPrivateKeyParameters.cs | 11 +- .../pqc/crypto/picnic/PicnicPublicKeyParameters.cs | 27 +- crypto/src/pqc/crypto/picnic/PicnicSigner.cs | 8 +- crypto/src/pqc/crypto/picnic/PicnicUtilities.cs | 162 ++++++ crypto/src/pqc/crypto/picnic/Signature.cs | 6 +- crypto/src/pqc/crypto/picnic/Tape.cs | 10 +- crypto/src/pqc/crypto/picnic/Tree.cs | 2 +- crypto/src/pqc/crypto/picnic/Utils.cs | 162 ------ crypto/src/tls/Certificate.cs | 2 +- 27 files changed, 597 insertions(+), 643 deletions(-) create mode 100644 crypto/src/pqc/crypto/picnic/PicnicUtilities.cs delete mode 100644 crypto/src/pqc/crypto/picnic/Utils.cs diff --git a/crypto/src/openpgp/PgpUtilities.cs b/crypto/src/openpgp/PgpUtilities.cs index 2642f3497..65f011994 100644 --- a/crypto/src/openpgp/PgpUtilities.cs +++ b/crypto/src/openpgp/PgpUtilities.cs 
@@ -11,7 +11,6 @@ using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Crypto.Signers; using Org.BouncyCastle.Math; -using Org.BouncyCastle.Pqc.Crypto.SphincsPlus; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; using Org.BouncyCastle.Utilities.Encoders; diff --git a/crypto/src/pkcs/PrivateKeyInfoFactory.cs b/crypto/src/pkcs/PrivateKeyInfoFactory.cs index d6e8ec77c..d56831f35 100644 --- a/crypto/src/pkcs/PrivateKeyInfoFactory.cs +++ b/crypto/src/pkcs/PrivateKeyInfoFactory.cs @@ -13,9 +13,6 @@ using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Generators; using Org.BouncyCastle.Crypto.Parameters; using Org.BouncyCastle.Math; -using Org.BouncyCastle.Pqc.Asn1; -using Org.BouncyCastle.Pqc.Crypto.Cmce; -using Org.BouncyCastle.Pqc.Crypto.Utilities; using Org.BouncyCastle.Security; using Org.BouncyCastle.Utilities; @@ -242,21 +239,6 @@ namespace Org.BouncyCastle.Pkcs return new PrivateKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), new DerOctetString(key.GetEncoded()), attributes, key.GeneratePublicKey().GetEncoded()); } - - if (privateKey is CmcePrivateKeyParameters) - { - CmcePrivateKeyParameters parameters = (CmcePrivateKeyParameters)privateKey; - - byte[] encoding = parameters.GetEncoded(); - - AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(PqcUtilities.McElieceOidLookup(parameters.Parameters)); - - CmcePublicKey cmcePub = new CmcePublicKey(parameters.ReconstructPublicKey()); - CmcePrivateKey cmcePriv = new CmcePrivateKey(0, parameters.Delta, parameters.C, parameters.G, parameters.Alpha, parameters.S, cmcePub); - return new PrivateKeyInfo(algorithmIdentifier, cmcePriv, attributes); - } - - throw new ArgumentException("Class provided is not convertible: " + Platform.GetTypeName(privateKey)); } diff --git a/crypto/src/pqc/crypto/bike/BikeKemExtractor.cs b/crypto/src/pqc/crypto/bike/BikeKemExtractor.cs index b6358e3d2..75dff794c 100644 
--- a/crypto/src/pqc/crypto/bike/BikeKemExtractor.cs +++ b/crypto/src/pqc/crypto/bike/BikeKemExtractor.cs @@ -1,9 +1,5 @@ using Org.BouncyCastle.Crypto; -using Org.BouncyCastle.Pqc.Crypto.Sike; using Org.BouncyCastle.Utilities; -using System; -using System.Collections.Generic; -using System.Text; namespace Org.BouncyCastle.Pqc.Crypto.Bike { diff --git a/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs b/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs index 7bd38a43a..657da509c 100644 --- a/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs +++ b/crypto/src/pqc/crypto/cmce/CmceKemGenerator.cs @@ -1,9 +1,6 @@ -using System; - using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Pqc.Crypto.Utilities; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Cmce { diff --git a/crypto/src/pqc/crypto/frodo/FrodoKEMGenerator.cs b/crypto/src/pqc/crypto/frodo/FrodoKEMGenerator.cs index 540024409..4cfde03fb 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoKEMGenerator.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoKEMGenerator.cs @@ -1,9 +1,6 @@ - -using System; using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Pqc.Crypto.Utilities; using Org.BouncyCastle.Security; -using Org.BouncyCastle.Utilities; namespace Org.BouncyCastle.Pqc.Crypto.Frodo { @@ -11,7 +8,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo : IEncapsulatedSecretGenerator { // the source of randomness - private SecureRandom sr; + private readonly SecureRandom sr; public FrodoKEMGenerator(SecureRandom random) { @@ -27,6 +24,5 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo engine.kem_enc(cipher_text, sessionKey, key.m_publicKey, sr); return new SecretWithEncapsulationImpl(sessionKey, cipher_text); } - } } diff --git a/crypto/src/pqc/crypto/ntru/NtruKemExtractor.cs b/crypto/src/pqc/crypto/ntru/NtruKemExtractor.cs index aba22a0f4..b9e94b665 100644 --- a/crypto/src/pqc/crypto/ntru/NtruKemExtractor.cs +++ b/crypto/src/pqc/crypto/ntru/NtruKemExtractor.cs 
@@ -1,5 +1,6 @@ using System; using System.Diagnostics; + using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Pqc.Crypto.Ntru.Owcpa; @@ -81,4 +82,4 @@ namespace Org.BouncyCastle.Pqc.Crypto.Ntru public int EncapsulationLength => _parameters.ParameterSet.NtruCiphertextBytes(); } -} \ No newline at end of file +} diff --git a/crypto/src/pqc/crypto/ntru/NtruKemGenerator.cs b/crypto/src/pqc/crypto/ntru/NtruKemGenerator.cs index e579c898d..283bddbda 100644 --- a/crypto/src/pqc/crypto/ntru/NtruKemGenerator.cs +++ b/crypto/src/pqc/crypto/ntru/NtruKemGenerator.cs @@ -1,8 +1,8 @@ using System; + using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto.Digests; using Org.BouncyCastle.Pqc.Crypto.Ntru.Owcpa; -using Org.BouncyCastle.Pqc.Crypto.Ntru.ParameterSets; using Org.BouncyCastle.Pqc.Crypto.Ntru.Polynomials; using Org.BouncyCastle.Security; diff --git a/crypto/src/pqc/crypto/ntru/NtruKeyPairGenerator.cs b/crypto/src/pqc/crypto/ntru/NtruKeyPairGenerator.cs index 60bddc4c3..427b02304 100644 --- a/crypto/src/pqc/crypto/ntru/NtruKeyPairGenerator.cs +++ b/crypto/src/pqc/crypto/ntru/NtruKeyPairGenerator.cs @@ -1,4 +1,5 @@ using System; + using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Pqc.Crypto.Ntru.Owcpa; using Org.BouncyCastle.Pqc.Crypto.Ntru.ParameterSets; diff --git a/crypto/src/pqc/crypto/ntru/NtruSampling.cs b/crypto/src/pqc/crypto/ntru/NtruSampling.cs index fca99b130..5fb8527cc 100644 --- a/crypto/src/pqc/crypto/ntru/NtruSampling.cs +++ b/crypto/src/pqc/crypto/ntru/NtruSampling.cs @@ -1,4 +1,5 @@ using System; + using Org.BouncyCastle.Pqc.Crypto.Ntru.ParameterSets; using Org.BouncyCastle.Pqc.Crypto.Ntru.Polynomials; using Org.BouncyCastle.Utilities; diff --git a/crypto/src/pqc/crypto/ntru/owcpa/NtruOwcpa.cs b/crypto/src/pqc/crypto/ntru/owcpa/NtruOwcpa.cs index b6cbdfd5d..5d0b206af 100644 --- a/crypto/src/pqc/crypto/ntru/owcpa/NtruOwcpa.cs +++ b/crypto/src/pqc/crypto/ntru/owcpa/NtruOwcpa.cs 
@@ -1,4 +1,5 @@ using System; + using Org.BouncyCastle.Pqc.Crypto.Ntru.ParameterSets; using Org.BouncyCastle.Pqc.Crypto.Ntru.Polynomials; using Org.BouncyCastle.Utilities; diff --git a/crypto/src/pqc/crypto/ntru/polynomials/Hps4096Polynomial.cs b/crypto/src/pqc/crypto/ntru/polynomials/Hps4096Polynomial.cs index 9a0d97759..0350c76e4 100644 --- a/crypto/src/pqc/crypto/ntru/polynomials/Hps4096Polynomial.cs +++ b/crypto/src/pqc/crypto/ntru/polynomials/Hps4096Polynomial.cs @@ -4,7 +4,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Ntru.Polynomials { internal class Hps4096Polynomial : HpsPolynomial { - public Hps4096Polynomial(NtruParameterSet parameterSet) : base(parameterSet) + internal Hps4096Polynomial(NtruParameterSet parameterSet) : base(parameterSet) { } diff --git a/crypto/src/pqc/crypto/ntru/polynomials/HpsPolynomial.cs b/crypto/src/pqc/crypto/ntru/polynomials/HpsPolynomial.cs index 6097912a1..d71e08b10 100644 --- a/crypto/src/pqc/crypto/ntru/polynomials/HpsPolynomial.cs +++ b/crypto/src/pqc/crypto/ntru/polynomials/HpsPolynomial.cs @@ -1,11 +1,12 @@ using System; + using Org.BouncyCastle.Pqc.Crypto.Ntru.ParameterSets; namespace Org.BouncyCastle.Pqc.Crypto.Ntru.Polynomials { internal class HpsPolynomial : Polynomial { - public HpsPolynomial(NtruParameterSet parameterSet) : base(parameterSet) + internal HpsPolynomial(NtruParameterSet parameterSet) : base(parameterSet) { } diff --git a/crypto/src/pqc/crypto/picnic/LowmcConstants.cs b/crypto/src/pqc/crypto/picnic/LowmcConstants.cs index 52af2596c..3f4823481 100644 --- a/crypto/src/pqc/crypto/picnic/LowmcConstants.cs +++ b/crypto/src/pqc/crypto/picnic/LowmcConstants.cs 
@@ -1,371 +1,365 @@ -using System; using System.Collections.Generic; using System.IO; -using System.Reflection; using Org.BouncyCastle.Crypto.Utilities; -using Org.BouncyCastle.Pqc.Crypto.Picnic; using Org.BouncyCastle.Utilities.Encoders; -public sealed class LowmcConstants +namespace Org.BouncyCastle.Pqc.Crypto.Picnic { - private static readonly LowmcConstants instance = new LowmcConstants(); - - static LowmcConstants() + internal sealed class LowmcConstants { - } + private static readonly LowmcConstants instance = new LowmcConstants(); - private LowmcConstants() - { - _matrixToHex = new Dictionary(); - Stream input = typeof(LowmcConstants).Assembly - .GetManifestResourceStream("Org.BouncyCastle.pqc.crypto.picnic.lowmcconstants.properties"); - - using (StreamReader sr = new StreamReader(input)) + private LowmcConstants() { - // load a properties file - string line = sr.ReadLine(); - string matrix, hexString; + _matrixToHex = new Dictionary(); + Stream input = typeof(LowmcConstants).Assembly + .GetManifestResourceStream("Org.BouncyCastle.pqc.crypto.picnic.lowmcconstants.properties"); - while (line != null) + using (StreamReader sr = new StreamReader(input)) { - string header = line; - if (header != "") + // load a properties file + string line = sr.ReadLine(); + string matrix, hexString; + + while (line != null) { - header = header.Replace(",", ""); - int index = header.IndexOf('='); - matrix = header.Substring(0, index).Trim(); - hexString = header.Substring(index + 1).Trim(); - _matrixToHex.Add(matrix, hexString); + string header = line; + if (header != "") + { + header = header.Replace(",", ""); + int index = header.IndexOf('='); + matrix = header.Substring(0, index).Trim(); + hexString = header.Substring(index + 1).Trim(); + _matrixToHex.Add(matrix, hexString); + } + + line = sr.ReadLine(); } - - line = sr.ReadLine(); } - } - linearMatrices_L1 = ReadFromProperty("linearMatrices_L1", 40960); - roundConstants_L1 = ReadFromProperty("roundConstants_L1", 320); - 
keyMatrices_L1 = ReadFromProperty("keyMatrices_L1", 43008); - LMatrix_L1 = new KMatrices(20, 128, 4, linearMatrices_L1); - KMatrix_L1 = new KMatrices(21, 128, 4, keyMatrices_L1); - RConstants_L1 = new KMatrices(0, 1, 4, roundConstants_L1); - // - linearMatrices_L1_full = ReadFromProperty("linearMatrices_L1_full", 12800); - keyMatrices_L1_full = ReadFromProperty("keyMatrices_L1_full", 12900); - keyMatrices_L1_inv = ReadFromProperty("keyMatrices_L1_inv", 2850); - linearMatrices_L1_inv = ReadFromProperty("linearMatrices_L1_inv", 12800); - roundConstants_L1_full = ReadFromProperty("roundConstants_L1_full", 80); - LMatrix_L1_full = new KMatrices(4, 129, 5, linearMatrices_L1_full); - LMatrix_L1_inv = new KMatrices(4, 129, 5, linearMatrices_L1_inv); - KMatrix_L1_full = new KMatrices(5, 129, 5, keyMatrices_L1_full); - KMatrix_L1_inv = new KMatrices(1, 129, 5, keyMatrices_L1_inv); - RConstants_L1_full = new KMatrices(4, 1, 5, roundConstants_L1_full); - // - linearMatrices_L3 = ReadFromProperty("linearMatrices_L3", 138240); - roundConstants_L3 = ReadFromProperty("roundConstants_L3", 720); - keyMatrices_L3 = ReadFromProperty("keyMatrices_L3", 142848); - LMatrix_L3 = new KMatrices(30, 192, 6, linearMatrices_L3); - KMatrix_L3 = new KMatrices(31, 192, 6, keyMatrices_L3); - RConstants_L3 = new KMatrices(30, 1, 6, roundConstants_L3); - // - linearMatrices_L3_full = ReadFromProperty("linearMatrices_L3_full", 18432); - linearMatrices_L3_inv = ReadFromProperty("linearMatrices_L3_inv", 18432); - roundConstants_L3_full = ReadFromProperty("roundConstants_L3_full", 96); - keyMatrices_L3_full = ReadFromProperty("keyMatrices_L3_full", 23040); - keyMatrices_L3_inv = ReadFromProperty("keyMatrices_L3_inv", 4608); - LMatrix_L3_full = new KMatrices(4, 192, 6, linearMatrices_L3_full); - LMatrix_L3_inv = new KMatrices(4, 192, 6, linearMatrices_L3_inv); - KMatrix_L3_full = new KMatrices(5, 192, 6, keyMatrices_L3_full); - KMatrix_L3_inv = new KMatrices(1, 192, 6, keyMatrices_L3_inv); - 
RConstants_L3_full = new KMatrices(4, 1, 6, roundConstants_L3_full); - // - linearMatrices_L5 = ReadFromProperty("linearMatrices_L5", 311296); - roundConstants_L5 = ReadFromProperty("roundConstants_L5", 1216); - keyMatrices_L5 = ReadFromProperty("keyMatrices_L5", 319488); - LMatrix_L5 = new KMatrices(38, 256, 8, linearMatrices_L5); - KMatrix_L5 = new KMatrices(39, 256, 8, keyMatrices_L5); - RConstants_L5 = new KMatrices(38, 1, 8, roundConstants_L5); - // - linearMatrices_L5_full = ReadFromProperty("linearMatrices_L5_full", 32768); - linearMatrices_L5_inv = ReadFromProperty("linearMatrices_L5_inv", 32768); - roundConstants_L5_full = ReadFromProperty("roundConstants_L5_full", 128); - keyMatrices_L5_full = ReadFromProperty("keyMatrices_L5_full", 40960); - keyMatrices_L5_inv = ReadFromProperty("keyMatrices_L5_inv", 8160); - LMatrix_L5_full = new KMatrices(4, 255, 8, linearMatrices_L5_full); - LMatrix_L5_inv = new KMatrices(4, 255, 8, linearMatrices_L5_inv); - KMatrix_L5_full = new KMatrices(5, 255, 8, keyMatrices_L5_full); - KMatrix_L5_inv = new KMatrices(1, 255, 8, keyMatrices_L5_inv); - RConstants_L5_full = new KMatrices(4, 1, 8, roundConstants_L5_full); - } - - public static LowmcConstants Instance - { - get { return instance; } - } + linearMatrices_L1 = ReadFromProperty("linearMatrices_L1", 40960); + roundConstants_L1 = ReadFromProperty("roundConstants_L1", 320); + keyMatrices_L1 = ReadFromProperty("keyMatrices_L1", 43008); + LMatrix_L1 = new KMatrices(20, 128, 4, linearMatrices_L1); + KMatrix_L1 = new KMatrices(21, 128, 4, keyMatrices_L1); + RConstants_L1 = new KMatrices(0, 1, 4, roundConstants_L1); + // + linearMatrices_L1_full = ReadFromProperty("linearMatrices_L1_full", 12800); + keyMatrices_L1_full = ReadFromProperty("keyMatrices_L1_full", 12900); + keyMatrices_L1_inv = ReadFromProperty("keyMatrices_L1_inv", 2850); + linearMatrices_L1_inv = ReadFromProperty("linearMatrices_L1_inv", 12800); + roundConstants_L1_full = ReadFromProperty("roundConstants_L1_full", 
80); + LMatrix_L1_full = new KMatrices(4, 129, 5, linearMatrices_L1_full); + LMatrix_L1_inv = new KMatrices(4, 129, 5, linearMatrices_L1_inv); + KMatrix_L1_full = new KMatrices(5, 129, 5, keyMatrices_L1_full); + KMatrix_L1_inv = new KMatrices(1, 129, 5, keyMatrices_L1_inv); + RConstants_L1_full = new KMatrices(4, 1, 5, roundConstants_L1_full); + // + linearMatrices_L3 = ReadFromProperty("linearMatrices_L3", 138240); + roundConstants_L3 = ReadFromProperty("roundConstants_L3", 720); + keyMatrices_L3 = ReadFromProperty("keyMatrices_L3", 142848); + LMatrix_L3 = new KMatrices(30, 192, 6, linearMatrices_L3); + KMatrix_L3 = new KMatrices(31, 192, 6, keyMatrices_L3); + RConstants_L3 = new KMatrices(30, 1, 6, roundConstants_L3); + // + linearMatrices_L3_full = ReadFromProperty("linearMatrices_L3_full", 18432); + linearMatrices_L3_inv = ReadFromProperty("linearMatrices_L3_inv", 18432); + roundConstants_L3_full = ReadFromProperty("roundConstants_L3_full", 96); + keyMatrices_L3_full = ReadFromProperty("keyMatrices_L3_full", 23040); + keyMatrices_L3_inv = ReadFromProperty("keyMatrices_L3_inv", 4608); + LMatrix_L3_full = new KMatrices(4, 192, 6, linearMatrices_L3_full); + LMatrix_L3_inv = new KMatrices(4, 192, 6, linearMatrices_L3_inv); + KMatrix_L3_full = new KMatrices(5, 192, 6, keyMatrices_L3_full); + KMatrix_L3_inv = new KMatrices(1, 192, 6, keyMatrices_L3_inv); + RConstants_L3_full = new KMatrices(4, 1, 6, roundConstants_L3_full); + // + linearMatrices_L5 = ReadFromProperty("linearMatrices_L5", 311296); + roundConstants_L5 = ReadFromProperty("roundConstants_L5", 1216); + keyMatrices_L5 = ReadFromProperty("keyMatrices_L5", 319488); + LMatrix_L5 = new KMatrices(38, 256, 8, linearMatrices_L5); + KMatrix_L5 = new KMatrices(39, 256, 8, keyMatrices_L5); + RConstants_L5 = new KMatrices(38, 1, 8, roundConstants_L5); + // + linearMatrices_L5_full = ReadFromProperty("linearMatrices_L5_full", 32768); + linearMatrices_L5_inv = ReadFromProperty("linearMatrices_L5_inv", 32768); + 
roundConstants_L5_full = ReadFromProperty("roundConstants_L5_full", 128); + keyMatrices_L5_full = ReadFromProperty("keyMatrices_L5_full", 40960); + keyMatrices_L5_inv = ReadFromProperty("keyMatrices_L5_inv", 8160); + LMatrix_L5_full = new KMatrices(4, 255, 8, linearMatrices_L5_full); + LMatrix_L5_inv = new KMatrices(4, 255, 8, linearMatrices_L5_inv); + KMatrix_L5_full = new KMatrices(5, 255, 8, keyMatrices_L5_full); + KMatrix_L5_inv = new KMatrices(1, 255, 8, keyMatrices_L5_inv); + RConstants_L5_full = new KMatrices(4, 1, 8, roundConstants_L5_full); + } - private static Dictionary _matrixToHex; - - // Parameters for security level L1 - // Block/key size: 128 - // Rounds: 20 - private static uint[] linearMatrices_L1; - private static uint[] roundConstants_L1; - private static uint[] keyMatrices_L1; - - private static KMatrices LMatrix_L1; - private static KMatrices KMatrix_L1; - private static KMatrices RConstants_L1; - - // Parameters for security level L1, full s-box layer - // Block/key size: 129 - // Rounds: 4 - // Note that each 129-bit row of the matrix is zero padded to 160 bits (the next multiple of 32) - private static uint[] linearMatrices_L1_full; - private static uint[] keyMatrices_L1_full; - private static uint[] keyMatrices_L1_inv; - private static uint[] linearMatrices_L1_inv; - private static uint[] roundConstants_L1_full; - - private static KMatrices LMatrix_L1_full; - private static KMatrices LMatrix_L1_inv; - private static KMatrices KMatrix_L1_full; - private static KMatrices KMatrix_L1_inv; - private static KMatrices RConstants_L1_full; - - - // Parameters for security level L3 - // Block/key size: 192 - // Rounds: 30 - private static uint[] linearMatrices_L3; - private static uint[] roundConstants_L3; - private static uint[] keyMatrices_L3; - - private static KMatrices LMatrix_L3; - private static KMatrices KMatrix_L3; - private static KMatrices RConstants_L3; - - // Parameters for security level L3, full s-box layer - // Block/key size: 192 - 
// S-boxes: 64 - // Rounds: 4 - private static uint[] linearMatrices_L3_full; - private static uint[] linearMatrices_L3_inv; - private static uint[] roundConstants_L3_full; - private static uint[] keyMatrices_L3_full; - private static uint[] keyMatrices_L3_inv; - - private static KMatrices LMatrix_L3_full; - private static KMatrices LMatrix_L3_inv; - private static KMatrices KMatrix_L3_full; - private static KMatrices KMatrix_L3_inv; - private static KMatrices RConstants_L3_full; - - - // Parameters for security level L5 - // Block/key size: 256 - // Rounds: 38 - private static uint[] linearMatrices_L5; - private static uint[] roundConstants_L5; - private static uint[] keyMatrices_L5; - - private static KMatrices LMatrix_L5; - private static KMatrices KMatrix_L5; - private static KMatrices RConstants_L5; - - // Parameters for security level L5, full nonlinear layer - // Block/key size: 255 - // S-boxes: 85 - // Rounds: 4 - private static uint[] linearMatrices_L5_full; - private static uint[] linearMatrices_L5_inv; - private static uint[] roundConstants_L5_full; - private static uint[] keyMatrices_L5_full; - private static uint[] keyMatrices_L5_inv; - - private static KMatrices LMatrix_L5_full; - private static KMatrices LMatrix_L5_inv; - private static KMatrices KMatrix_L5_full; - private static KMatrices KMatrix_L5_inv; - private static KMatrices RConstants_L5_full; - - - private static uint[] ReadFromProperty(string key, int intSize) - { - string s = _matrixToHex[key]; - byte[] bytes = Hex.Decode(s); - uint[] ints = new uint[intSize]; - for (int i = 0; i < bytes.Length/4; i++) + internal static LowmcConstants Instance { - ints[i] = Pack.LE_To_UInt32(bytes, i*4); + get { return instance; } } + + private static Dictionary _matrixToHex; + + // Parameters for security level L1 + // Block/key size: 128 + // Rounds: 20 + private static uint[] linearMatrices_L1; + private static uint[] roundConstants_L1; + private static uint[] keyMatrices_L1; + + private static 
KMatrices LMatrix_L1; + private static KMatrices KMatrix_L1; + private static KMatrices RConstants_L1; + + // Parameters for security level L1, full s-box layer + // Block/key size: 129 + // Rounds: 4 + // Note that each 129-bit row of the matrix is zero padded to 160 bits (the next multiple of 32) + private static uint[] linearMatrices_L1_full; + private static uint[] keyMatrices_L1_full; + private static uint[] keyMatrices_L1_inv; + private static uint[] linearMatrices_L1_inv; + private static uint[] roundConstants_L1_full; + + private static KMatrices LMatrix_L1_full; + private static KMatrices LMatrix_L1_inv; + private static KMatrices KMatrix_L1_full; + private static KMatrices KMatrix_L1_inv; + private static KMatrices RConstants_L1_full; + + + // Parameters for security level L3 + // Block/key size: 192 + // Rounds: 30 + private static uint[] linearMatrices_L3; + private static uint[] roundConstants_L3; + private static uint[] keyMatrices_L3; + + private static KMatrices LMatrix_L3; + private static KMatrices KMatrix_L3; + private static KMatrices RConstants_L3; + + // Parameters for security level L3, full s-box layer + // Block/key size: 192 + // S-boxes: 64 + // Rounds: 4 + private static uint[] linearMatrices_L3_full; + private static uint[] linearMatrices_L3_inv; + private static uint[] roundConstants_L3_full; + private static uint[] keyMatrices_L3_full; + private static uint[] keyMatrices_L3_inv; + + private static KMatrices LMatrix_L3_full; + private static KMatrices LMatrix_L3_inv; + private static KMatrices KMatrix_L3_full; + private static KMatrices KMatrix_L3_inv; + private static KMatrices RConstants_L3_full; + + + // Parameters for security level L5 + // Block/key size: 256 + // Rounds: 38 + private static uint[] linearMatrices_L5; + private static uint[] roundConstants_L5; + private static uint[] keyMatrices_L5; + + private static KMatrices LMatrix_L5; + private static KMatrices KMatrix_L5; + private static KMatrices RConstants_L5; + + // 
Parameters for security level L5, full nonlinear layer + // Block/key size: 255 + // S-boxes: 85 + // Rounds: 4 + private static uint[] linearMatrices_L5_full; + private static uint[] linearMatrices_L5_inv; + private static uint[] roundConstants_L5_full; + private static uint[] keyMatrices_L5_full; + private static uint[] keyMatrices_L5_inv; + + private static KMatrices LMatrix_L5_full; + private static KMatrices LMatrix_L5_inv; + private static KMatrices KMatrix_L5_full; + private static KMatrices KMatrix_L5_inv; + private static KMatrices RConstants_L5_full; + + + private static uint[] ReadFromProperty(string key, int intSize) + { + string s = _matrixToHex[key]; + byte[] bytes = Hex.Decode(s); + uint[] ints = new uint[intSize]; + for (int i = 0; i < bytes.Length/4; i++) + { + ints[i] = Pack.LE_To_UInt32(bytes, i*4); + } - return ints; - } + return ints; + } - // Functions to return individual matricies and round constants - - /* Return a pointer to the r-th matrix. The caller must know the dimensions */ - private KMatricesWithPointer GET_MAT(KMatrices m, int r) - { - KMatricesWithPointer mwp = new KMatricesWithPointer(m); - mwp.SetMatrixPointer(r*mwp.GetSize()); - return mwp; - } - - - /* Return the LowMC linear matrix for this round */ - internal KMatricesWithPointer LMatrix(PicnicEngine engine, int round) - { + // Functions to return individual matricies and round constants - if(engine.stateSizeBits == 128) + /* Return a pointer to the r-th matrix. 
The caller must know the dimensions */ + private KMatricesWithPointer GET_MAT(KMatrices m, int r) { - return GET_MAT(LMatrix_L1, round); + KMatricesWithPointer mwp = new KMatricesWithPointer(m); + mwp.SetMatrixPointer(r*mwp.GetSize()); + return mwp; } - else if(engine.stateSizeBits == 129) - { - return GET_MAT(LMatrix_L1_full, round); - } - else if(engine.stateSizeBits == 192) + + + /* Return the LowMC linear matrix for this round */ + internal KMatricesWithPointer LMatrix(PicnicEngine engine, int round) { - if(engine.numRounds == 4) + + if(engine.stateSizeBits == 128) + { + return GET_MAT(LMatrix_L1, round); + } + else if(engine.stateSizeBits == 129) + { + return GET_MAT(LMatrix_L1_full, round); + } + else if(engine.stateSizeBits == 192) + { + if(engine.numRounds == 4) + { + return GET_MAT(LMatrix_L3_full, round); + } + else + { + return GET_MAT(LMatrix_L3, round); + } + } + else if(engine.stateSizeBits == 255) + { + return GET_MAT(LMatrix_L5_full, round); + } + else if(engine.stateSizeBits == 256) { - return GET_MAT(LMatrix_L3_full, round); + return GET_MAT(LMatrix_L5, round); } else { - return GET_MAT(LMatrix_L3, round); + return null; } } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(LMatrix_L5_full, round); - } - else if(engine.stateSizeBits == 256) - { - return GET_MAT(LMatrix_L5, round); - } - else - { - return null; - } - } - /* Return the LowMC inverse linear layer matrix for this round */ - internal KMatricesWithPointer LMatrixInv(PicnicEngine engine, int round) - { - if(engine.stateSizeBits == 129) + /* Return the LowMC inverse linear layer matrix for this round */ + internal KMatricesWithPointer LMatrixInv(PicnicEngine engine, int round) { - return GET_MAT(LMatrix_L1_inv, round); - } - else if(engine.stateSizeBits == 192 && engine.numRounds == 4) - { - return GET_MAT(LMatrix_L3_inv, round); - } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(LMatrix_L5_inv, round); - } - else - { - return null; + if(engine.stateSizeBits == 129) 
+ { + return GET_MAT(LMatrix_L1_inv, round); + } + else if(engine.stateSizeBits == 192 && engine.numRounds == 4) + { + return GET_MAT(LMatrix_L3_inv, round); + } + else if(engine.stateSizeBits == 255) + { + return GET_MAT(LMatrix_L5_inv, round); + } + else + { + return null; + } } - } - /* Return the LowMC key matrix for this round */ - internal KMatricesWithPointer KMatrix(PicnicEngine engine, int round) - { - if(engine.stateSizeBits == 128) - { - return GET_MAT(KMatrix_L1, round); - } - else if(engine.stateSizeBits == 129) - { - return GET_MAT(KMatrix_L1_full, round); - } - else if(engine.stateSizeBits == 192) + /* Return the LowMC key matrix for this round */ + internal KMatricesWithPointer KMatrix(PicnicEngine engine, int round) { - if(engine.numRounds == 4) + if(engine.stateSizeBits == 128) + { + return GET_MAT(KMatrix_L1, round); + } + else if(engine.stateSizeBits == 129) + { + return GET_MAT(KMatrix_L1_full, round); + } + else if(engine.stateSizeBits == 192) + { + if(engine.numRounds == 4) + { + return GET_MAT(KMatrix_L3_full, round); + } + else + { + return GET_MAT(KMatrix_L3, round); + } + } + else if(engine.stateSizeBits == 255) + { + return GET_MAT(KMatrix_L5_full, round); + } + else if(engine.stateSizeBits == 256) { - return GET_MAT(KMatrix_L3_full, round); + return GET_MAT(KMatrix_L5, round); } else { - return GET_MAT(KMatrix_L3, round); + return null; } } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(KMatrix_L5_full, round); - } - else if(engine.stateSizeBits == 256) - { - return GET_MAT(KMatrix_L5, round); - } - else - { - return null; - } - } - /* Return the LowMC inverse key matrix for this round */ - internal KMatricesWithPointer KMatrixInv(PicnicEngine engine, int round) - { - if(engine.stateSizeBits == 129) + /* Return the LowMC inverse key matrix for this round */ + internal KMatricesWithPointer KMatrixInv(PicnicEngine engine, int round) { - return GET_MAT(KMatrix_L1_inv, round); - } - else if(engine.stateSizeBits == 192 && 
engine.numRounds == 4) - { - return GET_MAT(KMatrix_L3_inv, round); - } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(KMatrix_L5_inv, round); - } - else - { - return null; + if(engine.stateSizeBits == 129) + { + return GET_MAT(KMatrix_L1_inv, round); + } + else if(engine.stateSizeBits == 192 && engine.numRounds == 4) + { + return GET_MAT(KMatrix_L3_inv, round); + } + else if(engine.stateSizeBits == 255) + { + return GET_MAT(KMatrix_L5_inv, round); + } + else + { + return null; + } } - } - /* Return the LowMC round constant for this round */ - internal KMatricesWithPointer RConstant(PicnicEngine engine, int round) - { - if(engine.stateSizeBits == 128) + /* Return the LowMC round constant for this round */ + internal KMatricesWithPointer RConstant(PicnicEngine engine, int round) { - return GET_MAT(RConstants_L1, round); - } - else if(engine.stateSizeBits == 129) - { - return GET_MAT(RConstants_L1_full, round); - } - else if(engine.stateSizeBits == 192) - { - if(engine.numRounds == 4) + if(engine.stateSizeBits == 128) { - return GET_MAT(RConstants_L3_full, round); + return GET_MAT(RConstants_L1, round); + } + else if(engine.stateSizeBits == 129) + { + return GET_MAT(RConstants_L1_full, round); + } + else if(engine.stateSizeBits == 192) + { + if(engine.numRounds == 4) + { + return GET_MAT(RConstants_L3_full, round); + } + else + { + return GET_MAT(RConstants_L3, round); + } + } + else if(engine.stateSizeBits == 255) + { + return GET_MAT(RConstants_L5_full, round); + } + else if(engine.stateSizeBits == 256) + { + return GET_MAT(RConstants_L5, round); } else { - return GET_MAT(RConstants_L3, round); + return null; } } - else if(engine.stateSizeBits == 255) - { - return GET_MAT(RConstants_L5_full, round); - } - else if(engine.stateSizeBits == 256) - { - return GET_MAT(RConstants_L5, round); - } - else - { - return null; - } } - - } 
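Review bot: Dropping the empty `static LowmcConstants() { }` while keeping `private static readonly LowmcConstants instance = new LowmcConstants();` marks the type beforefieldinit, so the runtime is now free to run this heavyweight constructor (embedded-resource load plus hex decode of every matrix) earlier than the first access of `Instance` instead of strictly on demand; if the explicit static constructor was there to guarantee lazy initialization, it should stay, or the field should become a `Lazy<LowmcConstants>`. Separately, `GetManifestResourceStream` returns null when the resource is not embedded, and `new StreamReader(input)` would then throw inside the static initializer and surface as an opaque TypeInitializationException; a guard before the `using`, `if (input == null) throw new InvalidOperationException("Embedded resource lowmcconstants.properties not found");`, gives a diagnosable failure. As far as this hunk shows, `_matrixToHex` is read only by `ReadFromProperty`, which is called only from the constructor, yet it remains a static field rooted for the process lifetime holding the full hex text of every matrix; assigning `_matrixToHex = null;` at the end of the constructor (or passing the dictionary as a local into `ReadFromProperty`) releases that memory once the `uint[]` tables exist.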
diff --git a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs index 5557ddcff..e813d8977 100644 --- a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs +++ b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs @@ -265,9 +265,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic } // calculated depending on above parameters - andSizeBytes = Utils.NumBytes(numSboxes * 3 * numRounds); - stateSizeBytes = Utils.NumBytes(stateSizeBits); - seedSizeBytes = Utils.NumBytes(2 * pqSecurityLevel); + andSizeBytes = PicnicUtilities.NumBytes(numSboxes * 3 * numRounds); + stateSizeBytes = PicnicUtilities.NumBytes(stateSizeBits); + seedSizeBytes = PicnicUtilities.NumBytes(2 * pqSecurityLevel); stateSizeWords = (stateSizeBits + WORD_SIZE_BITS - 1) / WORD_SIZE_BITS; switch (parameters) @@ -418,11 +418,11 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic viewOutputs[i][(challenge + 2) % 3] = view3Output; } - computed_challengebits = new byte[Utils.NumBytes(2 * numMPCRounds)]; + computed_challengebits = new byte[PicnicUtilities.NumBytes(2 * numMPCRounds)]; H3(pubKey, plaintext, viewOutputs, AS, computed_challengebits, sig.salt, message, gs); - if (!SubarrayEquals(received_challengebits, computed_challengebits, Utils.NumBytes(2 * numMPCRounds))) + if (!SubarrayEquals(received_challengebits, computed_challengebits, PicnicUtilities.NumBytes(2 * numMPCRounds))) { Console.Error.Write(("Invalid signature. Did not verify\n")); status = -1; 
@@ -520,12 +520,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic Pack.UInt32_To_LE(view1.inputShare, view_bytes, 0); Arrays.Fill(view_bytes, stateSizeBytes, view_bytes.Length, (byte) 0); //todo have correct size: reduce view.inputshare by /4 - Utils.ZeroTrailingBits(view_bytes, stateSizeBits); + PicnicUtilities.ZeroTrailingBits(view_bytes, stateSizeBits); Pack.LE_To_UInt32(view_bytes, 0, view1.inputShare); Pack.UInt32_To_LE(view2.inputShare, view_bytes, 0); Arrays.Fill(view_bytes, stateSizeBytes, view_bytes.Length, (byte) 0); - Utils.ZeroTrailingBits(view_bytes, stateSizeBits); + PicnicUtilities.ZeroTrailingBits(view_bytes, stateSizeBits); Pack.LE_To_UInt32(view_bytes, 0, view2.inputShare); @@ -535,7 +535,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic private void mpc_LowMC_verify(View view1, View view2, Tape tapes, uint[] tmp, uint[] plaintext, int challenge) { - Utils.Fill(tmp, 0, tmp.Length, 0); + PicnicUtilities.Fill(tmp, 0, tmp.Length, 0); mpc_xor_constant_verify(tmp, plaintext, 0, stateSizeWords, challenge); @@ -591,9 +591,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic for (int j = 0; j < 2; j++) { stateOffset = ((2 + j) * stateSizeWords) * 32; - a[j] = Utils.GetBitFromWordArray(state, stateOffset + i + 2); - b[j] = Utils.GetBitFromWordArray(state, stateOffset + i + 1); - c[j] = Utils.GetBitFromWordArray(state, stateOffset + i); + a[j] = PicnicUtilities.GetBitFromWordArray(state, stateOffset + i + 2); + b[j] = PicnicUtilities.GetBitFromWordArray(state, stateOffset + i + 1); + c[j] = PicnicUtilities.GetBitFromWordArray(state, stateOffset + i); } mpc_AND_verify(a, b, ab, rand, view1, view2); 
@@ -603,20 +603,20 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic for (int j = 0; j < 2; j++) { stateOffset = ((2 + j) * stateSizeWords) * 32; - Utils.SetBitInWordArray(state, stateOffset + i + 2, a[j] ^ (bc[j])); - Utils.SetBitInWordArray(state, stateOffset + i + 1, a[j] ^ b[j] ^ (ca[j])); - Utils.SetBitInWordArray(state, stateOffset + i, a[j] ^ b[j] ^ c[j] ^ (ab[j])); + PicnicUtilities.SetBitInWordArray(state, stateOffset + i + 2, a[j] ^ (bc[j])); + PicnicUtilities.SetBitInWordArray(state, stateOffset + i + 1, a[j] ^ b[j] ^ (ca[j])); + PicnicUtilities.SetBitInWordArray(state, stateOffset + i, a[j] ^ b[j] ^ c[j] ^ (ab[j])); } } } private void mpc_AND_verify(uint[] in1, uint[] in2, uint[] output, Tape rand, View view1, View view2) { - uint[] r = {Utils.GetBit(rand.tapes[0], rand.pos), Utils.GetBit(rand.tapes[1], rand.pos)}; + uint[] r = {PicnicUtilities.GetBit(rand.tapes[0], rand.pos), PicnicUtilities.GetBit(rand.tapes[1], rand.pos)}; output[0] = (in1[0] & in2[1]) ^ (in1[1] & in2[0]) ^ (in1[0] & in2[0]) ^ r[0] ^ r[1]; - Utils.SetBit(view1.communicatedBits, rand.pos, (byte) (output[0] & 0xff)); - output[1] = Utils.GetBit(view2.communicatedBits, rand.pos); + PicnicUtilities.SetBit(view1.communicatedBits, rand.pos, (byte) (output[0] & 0xff)); + output[1] = PicnicUtilities.GetBit(view2.communicatedBits, rand.pos); rand.pos++; } 
@@ -651,14 +651,14 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic byte[] challengeBits = sig.challengeBits; /* Validate input buffer is large enough */ - if (sigBytesLen < Utils.NumBytes(2 * numMPCRounds)) + if (sigBytesLen < PicnicUtilities.NumBytes(2 * numMPCRounds)) { /* ensure the input has at least the challenge */ return -1; } int inputShareSize = ComputeInputShareSize(sigBytes, stateSizeBytes); - int bytesExpected = Utils.NumBytes(2 * numMPCRounds) + saltSizeBytes + + int bytesExpected = PicnicUtilities.NumBytes(2 * numMPCRounds) + saltSizeBytes + numMPCRounds * (2 * seedSizeBytes + andSizeBytes + digestSizeBytes) + inputShareSize; if (transform == TRANSFORM_UR) @@ -671,8 +671,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic return -1; } - Array.Copy(sigBytes, sigBytesOffset, challengeBits, 0, Utils.NumBytes(2 * numMPCRounds)); - sigBytesOffset += Utils.NumBytes(2 * numMPCRounds); + Array.Copy(sigBytes, sigBytesOffset, challengeBits, 0, PicnicUtilities.NumBytes(2 * numMPCRounds)); + sigBytesOffset += PicnicUtilities.NumBytes(2 * numMPCRounds); if (!IsChallengeValid(challengeBits)) { @@ -1071,10 +1071,10 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic private bool ArePaddingBitsZero(byte[] data, int bitLength) { - int byteLength = Utils.NumBytes(bitLength); + int byteLength = PicnicUtilities.NumBytes(bitLength); for (int i = bitLength; i < byteLength * 8; i++) { - uint bit_i = Utils.GetBit(data, i); + uint bit_i = PicnicUtilities.GetBit(data, i); if (bit_i != 0) { return false; @@ -1146,7 +1146,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic byte[] challengeBits = sig.challengeBits; /* Validate input buffer is large enough */ - int bytesRequired = Utils.NumBytes(2 * numMPCRounds) + saltSizeBytes + + int bytesRequired = PicnicUtilities.NumBytes(2 * numMPCRounds) + saltSizeBytes + numMPCRounds * (2 * seedSizeBytes + stateSizeBytes + andSizeBytes + digestSizeBytes); if (transform == TRANSFORM_UR) 
@@ -1161,8 +1161,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic int sigByteIndex = sigOffset; - Array.Copy(challengeBits, 0, sigBytes, sigByteIndex, Utils.NumBytes(2 * numMPCRounds)); - sigByteIndex += Utils.NumBytes(2 * numMPCRounds); + Array.Copy(challengeBits, 0, sigBytes, sigByteIndex, PicnicUtilities.NumBytes(2 * numMPCRounds)); + sigByteIndex += PicnicUtilities.NumBytes(2 * numMPCRounds); Array.Copy(sig.salt, 0, sigBytes, sigByteIndex, saltSizeBytes); @@ -1204,7 +1204,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic private int GetChallenge(byte[] challenge, int round) { - return (Utils.GetBit(challenge, 2 * round + 1) << 1) | Utils.GetBit(challenge, 2 * round); + return (PicnicUtilities.GetBit(challenge, 2 * round + 1) << 1) | PicnicUtilities.GetBit(challenge, 2 * round); } private int SerializeSignature2(Signature2 sig, byte[] sigBytes, int sigOffset) @@ -1342,7 +1342,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic } Array.Copy(tmp, 0, view_byte, 0, stateSizeBytes); - Utils.ZeroTrailingBits(view_byte, stateSizeBits); + PicnicUtilities.ZeroTrailingBits(view_byte, stateSizeBits); Pack.LE_To_UInt32(view_byte, 0, views[k][j].inputShare); Array.Copy(tmp, stateSizeBytes, tape.tapes[j], 0, andSizeBytes); } @@ -1462,7 +1462,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Depending on the number of rounds, we might not set part of the last * byte, make sure it's always zero. */ - challengeBits[Utils.NumBytes(numMPCRounds * 2) - 1] = 0; + challengeBits[PicnicUtilities.NumBytes(numMPCRounds * 2) - 1] = 0; digest.Update((byte) 1); 
@@ -1555,8 +1555,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* challenge must have length numBytes(numMPCRounds*2) * 0 <= index < numMPCRounds * trit must be in {0,1,2} */ - Utils.SetBit(challenge, 2 * round, (byte) (trit & 1)); - Utils.SetBit(challenge, 2 * round + 1, (byte) ((trit >> 1) & 1)); + PicnicUtilities.SetBit(challenge, 2 * round, (byte) (trit & 1)); + PicnicUtilities.SetBit(challenge, 2 * round + 1, (byte) ((trit >> 1) & 1)); } /* This is the random "permuatation" function G for Unruh's transform */ @@ -1585,7 +1585,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic private void mpc_LowMC(Tape tapes, View[] views, uint[] plaintext, uint[] slab) { - Utils.Fill(slab, 0, slab.Length, 0); + PicnicUtilities.Fill(slab, 0, slab.Length, 0); mpc_xor_constant(slab, 3 * stateSizeWords, plaintext, 0, stateSizeWords); @@ -1660,9 +1660,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic for (int j = 0; j < 3; j++) { stateOffset = ((3 + j) * stateSizeWords) * 32; - a[j] = Utils.GetBitFromWordArray(state, stateOffset + i + 2); - b[j] = Utils.GetBitFromWordArray(state, stateOffset + i + 1); - c[j] = Utils.GetBitFromWordArray(state, stateOffset + i); + a[j] = PicnicUtilities.GetBitFromWordArray(state, stateOffset + i + 2); + b[j] = PicnicUtilities.GetBitFromWordArray(state, stateOffset + i + 1); + c[j] = PicnicUtilities.GetBitFromWordArray(state, stateOffset + i); } mpc_AND(a, b, ab, rand, views); 
@@ -1672,9 +1672,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic for (int j = 0; j < 3; j++) { stateOffset = ((3 + j) * stateSizeWords) * 32; - Utils.SetBitInWordArray(state, stateOffset + i + 2, a[j] ^ (bc[j])); - Utils.SetBitInWordArray(state, stateOffset + i + 1, a[j] ^ b[j] ^ (ca[j])); - Utils.SetBitInWordArray(state, stateOffset + i, a[j] ^ b[j] ^ c[j] ^ (ab[j])); + PicnicUtilities.SetBitInWordArray(state, stateOffset + i + 2, a[j] ^ (bc[j])); + PicnicUtilities.SetBitInWordArray(state, stateOffset + i + 1, a[j] ^ b[j] ^ (ca[j])); + PicnicUtilities.SetBitInWordArray(state, stateOffset + i, a[j] ^ b[j] ^ c[j] ^ (ab[j])); } } } @@ -1684,9 +1684,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic { uint[] r = new uint[] { - Utils.GetBit(rand.tapes[0], rand.pos), - Utils.GetBit(rand.tapes[1], rand.pos), - Utils.GetBit(rand.tapes[2], rand.pos) + PicnicUtilities.GetBit(rand.tapes[0], rand.pos), + PicnicUtilities.GetBit(rand.tapes[1], rand.pos), + PicnicUtilities.GetBit(rand.tapes[2], rand.pos) }; for (int i = 0; i < 3; i++) @@ -1695,7 +1695,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic (in1[i] & in2[(i + 1) % 3]) ^ (in1[(i + 1) % 3] & in2[i]) ^ (in1[i] & in2[i]) ^ r[i] ^ r[(i + 1) % 3]; - Utils.SetBit(views[i].communicatedBits, rand.pos, (byte) (output[i] & 0xff)); + PicnicUtilities.SetBit(views[i].communicatedBits, rand.pos, (byte) (output[i] & 0xff)); } rand.pos++; @@ -1980,7 +1980,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic chunks[i] = 0; for (int j = 0; j < chunkLenBits; j++) { - chunks[i] += (uint) (Utils.GetBit(input, i * chunkLenBits + j) << j); + chunks[i] += (uint) (PicnicUtilities.GetBit(input, i * chunkLenBits + j) << j); } } 
@@ -2010,8 +2010,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic private void ExpandChallengeHash(byte[] challengeHash, uint[] challengeC, uint[] challengeP) { // Populate C - uint bitsPerChunkC = Utils.ceil_log2((uint)numMPCRounds); - uint bitsPerChunkP = Utils.ceil_log2((uint)numMPCParties); + uint bitsPerChunkC = PicnicUtilities.ceil_log2((uint)numMPCRounds); + uint bitsPerChunkP = PicnicUtilities.ceil_log2((uint)numMPCParties); uint[] chunks = new uint[digestSizeBytes * 8 / System.Math.Min(bitsPerChunkC, bitsPerChunkP)]; byte[] h = new byte[MAX_DIGEST_SIZE]; @@ -2080,7 +2080,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(input, 0, stateSizeBytes); for (int i = 0; i < numMPCParties; i++) { - int msgs_size = Utils.NumBytes(msg.pos); + int msgs_size = PicnicUtilities.NumBytes(msg.pos); digest.BlockUpdate(msg.msgs[i], 0, msgs_size); } @@ -2175,8 +2175,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic { for (int i = 0; i < numMPCParties; i++) { - uint w_i = Utils.GetBit(Pack.UInt32_To_LE(w), i); - Utils.SetBit(msg.msgs[i], msg.pos, (byte) (w_i & 0xff)); + uint w_i = PicnicUtilities.GetBit(Pack.UInt32_To_LE(w), i); + PicnicUtilities.SetBit(msg.msgs[i], msg.pos, (byte) (w_i & 0xff)); } msg.pos++; 
@@ -2191,27 +2191,27 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic if (msg.unopened >= 0) { - uint unopenedPartyBit = Utils.GetBit(msg.msgs[msg.unopened], msg.pos); - Utils.SetBit(temp, msg.unopened, (byte) (unopenedPartyBit & 0xff)); + uint unopenedPartyBit = PicnicUtilities.GetBit(msg.msgs[msg.unopened], msg.pos); + PicnicUtilities.SetBit(temp, msg.unopened, (byte) (unopenedPartyBit & 0xff)); s_shares = Pack.LE_To_UInt32(temp, 0); } // Broadcast each share of s WordToMsgs(s_shares, msg); - return Utils.Parity16(s_shares) ^ (a & b); + return PicnicUtilities.Parity16(s_shares) ^ (a & b); } private void mpc_sbox(uint[] state, uint[] state_masks, Tape tape, Msg msg) { for (int i = 0; i < numSboxes * 3; i += 3) { - uint a = Utils.GetBitFromWordArray(state, i + 2); + uint a = PicnicUtilities.GetBitFromWordArray(state, i + 2); uint mask_a = state_masks[i + 2]; - uint b = Utils.GetBitFromWordArray(state, i + 1); + uint b = PicnicUtilities.GetBitFromWordArray(state, i + 1); uint mask_b = state_masks[i + 1]; - uint c = Utils.GetBitFromWordArray(state, i); + uint c = PicnicUtilities.GetBitFromWordArray(state, i); uint mask_c = state_masks[i]; uint ab = mpc_AND(a, b, mask_a, mask_b, tape, msg); @@ -2222,9 +2222,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic uint e = a ^ b ^ ca; uint f = a ^ b ^ c ^ ab; - Utils.SetBitInWordArray(state, i + 2, d); - Utils.SetBitInWordArray(state, i + 1, e); - Utils.SetBitInWordArray(state, i, f); + PicnicUtilities.SetBitInWordArray(state, i + 2, d); + PicnicUtilities.SetBitInWordArray(state, i + 1, e); + PicnicUtilities.SetBitInWordArray(state, i, f); } } 
@@ -2232,13 +2232,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic { for (int i = 0; i < numSboxes * 3; i += 3) { - uint a = Utils.GetBitFromWordArray(input, i + 2); - uint b = Utils.GetBitFromWordArray(input, i + 1); - uint c = Utils.GetBitFromWordArray(input, i); + uint a = PicnicUtilities.GetBitFromWordArray(input, i + 2); + uint b = PicnicUtilities.GetBitFromWordArray(input, i + 1); + uint c = PicnicUtilities.GetBitFromWordArray(input, i); - uint d = Utils.GetBitFromWordArray(output, i + 2); - uint e = Utils.GetBitFromWordArray(output, i + 1); - uint f = Utils.GetBitFromWordArray(output, i); + uint d = PicnicUtilities.GetBitFromWordArray(output, i + 2); + uint e = PicnicUtilities.GetBitFromWordArray(output, i + 1); + uint f = PicnicUtilities.GetBitFromWordArray(output, i); uint fresh_output_mask_ab = f ^ a ^ b ^ c; uint fresh_output_mask_bc = d ^ a; @@ -2254,9 +2254,9 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic { int lastParty = numMPCParties - 1; uint and_helper = tape.TapesToWord(); - and_helper = Utils.Parity16(and_helper) ^ Utils.GetBit(tape.tapes[lastParty], tape.pos - 1); + and_helper = PicnicUtilities.Parity16(and_helper) ^ PicnicUtilities.GetBit(tape.tapes[lastParty], tape.pos - 1); uint aux_bit = (mask_a & mask_b) ^ and_helper ^ fresh_output_mask; - Utils.SetBit(tape.tapes[lastParty], tape.pos - 1, (byte) (aux_bit & 0xff)); + PicnicUtilities.SetBit(tape.tapes[lastParty], tape.pos - 1, (byte) (aux_bit & 0xff)); } @@ -2292,7 +2292,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic for (int i = 0; i < n; i++) { - Utils.SetBit(output, pos++, Utils.GetBit(lastTape, tapePos++)); + PicnicUtilities.SetBit(output, pos++, PicnicUtilities.GetBit(lastTape, tapePos++)); } } } 
@@ -2398,12 +2398,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic // generate a private key random.NextBytes(data_bytes, 0, stateSizeBytes); - Utils.ZeroTrailingBits(data_bytes, stateSizeBits); + PicnicUtilities.ZeroTrailingBits(data_bytes, stateSizeBits); Pack.LE_To_UInt32(data_bytes, 0, data); // generate a plaintext block random.NextBytes(plaintext_bytes, 0, stateSizeBytes); - Utils.ZeroTrailingBits(plaintext_bytes, stateSizeBits); + PicnicUtilities.ZeroTrailingBits(plaintext_bytes, stateSizeBits); Pack.LE_To_UInt32(plaintext_bytes, 0, plaintext); // compute ciphertext @@ -2450,13 +2450,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic { for (int i = 0; i < numSboxes * 3; i += 3) { - uint a = Utils.GetBitFromWordArray(state, i + 2); - uint b = Utils.GetBitFromWordArray(state, i + 1); - uint c = Utils.GetBitFromWordArray(state, i); + uint a = PicnicUtilities.GetBitFromWordArray(state, i + 2); + uint b = PicnicUtilities.GetBitFromWordArray(state, i + 1); + uint c = PicnicUtilities.GetBitFromWordArray(state, i); - Utils.SetBitInWordArray(state, i + 2, (a ^ (b & c))); - Utils.SetBitInWordArray(state, i + 1, (a ^ b ^ (a & c))); - Utils.SetBitInWordArray(state, i, (a ^ b ^ c ^ (a & b))); + PicnicUtilities.SetBitInWordArray(state, i + 2, (a ^ (b & c))); + PicnicUtilities.SetBitInWordArray(state, i + 1, (a ^ b ^ (a & c))); + PicnicUtilities.SetBitInWordArray(state, i, (a ^ b ^ c ^ (a & b))); } } 
@@ -2502,12 +2502,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 for (int j = wholeWords * WORD_SIZE_BITS; j < stateSizeBits; j++)
 {
 int index = i * stateSizeWords * WORD_SIZE_BITS + j;
- uint bit = Utils.GetBitFromWordArray(state, stateOffset * 32 + j)
- & Utils.GetBitFromWordArray(matrix, matrixOffset * 32 + index);
+ uint bit = PicnicUtilities.GetBitFromWordArray(state, stateOffset * 32 + j)
+ & PicnicUtilities.GetBitFromWordArray(matrix, matrixOffset * 32 + index);
 prod ^= bit;
 }
 
- Utils.SetBit(temp, i, Utils.Parity32(prod));
+ PicnicUtilities.SetBit(temp, i, PicnicUtilities.Parity32(prod));
 }
 
 Array.Copy(temp, 0, output, outputOffset, stateSizeWords);
diff --git a/crypto/src/pqc/crypto/picnic/PicnicKeyGenerationParameters.cs b/crypto/src/pqc/crypto/picnic/PicnicKeyGenerationParameters.cs
index fe99ba78d..64dfbb5c2 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicKeyGenerationParameters.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicKeyGenerationParameters.cs
@@ -4,19 +4,16 @@ using Org.BouncyCastle.Security;
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
 public class PicnicKeyGenerationParameters
- : KeyGenerationParameters
+ : KeyGenerationParameters
 {
- private PicnicParameters parameters;
+ private readonly PicnicParameters m_parameters;
 
 public PicnicKeyGenerationParameters(SecureRandom random, PicnicParameters parameters)
 : base(random, 255)
 {
- this.parameters = parameters;
+ m_parameters = parameters;
 }
 
- public PicnicParameters GetParameters()
- {
- return parameters;
- }
+ public PicnicParameters Parameters => m_parameters;
 }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/picnic/PicnicKeyPairGenerator.cs b/crypto/src/pqc/crypto/picnic/PicnicKeyPairGenerator.cs
index fd5e441a2..3298019f7 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicKeyPairGenerator.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicKeyPairGenerator.cs
@@ -1,4 +1,3 @@
-
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Security;
 
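Review bot: `GetParameters()` was a public method on a public type, and the PicnicKeyGenerationParameters hunk replaces it with the `Parameters` property outright, so any external caller of the old accessor stops compiling; unless the PQC API is still considered unstable, keeping `[Obsolete("Use Parameters")] public PicnicParameters GetParameters() => m_parameters;` for one release would make the rename non-breaking. The `: base(random, 255)` line is unchanged but passes the same strength to the base class for every `PicnicParameters` value, and a one-line comment explaining why 255 is used regardless of the parameter set would save the next reader from wondering whether it was meant to vary.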
@@ -6,7 +5,6 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
 public class PicnicKeyPairGenerator
 : IAsymmetricCipherKeyPairGenerator
-
 {
 private SecureRandom random;
 private PicnicParameters parameters;
@@ -14,7 +12,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 public void Init(KeyGenerationParameters param)
 {
 random = param.Random;
- parameters = ((PicnicKeyGenerationParameters) param).GetParameters();
+ parameters = ((PicnicKeyGenerationParameters) param).Parameters;
 }
 
 public AsymmetricCipherKeyPair GenerateKeyPair()
diff --git a/crypto/src/pqc/crypto/picnic/PicnicKeyParameters.cs b/crypto/src/pqc/crypto/picnic/PicnicKeyParameters.cs
index a98331455..3d1fc6cc4 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicKeyParameters.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicKeyParameters.cs
@@ -1,20 +1,18 @@
-
 using Org.BouncyCastle.Crypto;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
- public class PicnicKeyParameters
+ public abstract class PicnicKeyParameters
 : AsymmetricKeyParameter
 {
-
- PicnicParameters parameters;
+ private readonly PicnicParameters m_parameters;
 
 public PicnicKeyParameters(bool isPrivate, PicnicParameters parameters)
 : base(isPrivate)
 {
- this.parameters = parameters;
+ m_parameters = parameters;
 }
 
- public PicnicParameters Parameters => parameters;
+ public PicnicParameters Parameters => m_parameters;
 }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/picnic/PicnicParameters.cs b/crypto/src/pqc/crypto/picnic/PicnicParameters.cs
index 24ade6676..81892193e 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicParameters.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicParameters.cs
@@ -1,5 +1,3 @@
-
-using System;
 using Org.BouncyCastle.Crypto;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
diff --git a/crypto/src/pqc/crypto/picnic/PicnicPrivateKeyParameters.cs b/crypto/src/pqc/crypto/picnic/PicnicPrivateKeyParameters.cs
index dab1db1d8..77514f76c 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicPrivateKeyParameters.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicPrivateKeyParameters.cs
@@ -1,22 +1,21 @@
-
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
- public class PicnicPrivateKeyParameters
+ public sealed class PicnicPrivateKeyParameters
 : PicnicKeyParameters
 {
- private byte[] privateKey;
+ private readonly byte[] m_privateKey;
 
 public PicnicPrivateKeyParameters(PicnicParameters parameters, byte[] skEncoded)
 : base(true, parameters)
 {
- privateKey = Arrays.Clone(skEncoded);
+ m_privateKey = Arrays.Clone(skEncoded);
 }
 
 public byte[] GetEncoded()
 {
- return Arrays.Clone(privateKey);
+ return Arrays.Clone(m_privateKey);
 }
 }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/picnic/PicnicPublicKeyParameters.cs b/crypto/src/pqc/crypto/picnic/PicnicPublicKeyParameters.cs
index 901979d0f..379afb850 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicPublicKeyParameters.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicPublicKeyParameters.cs
@@ -1,24 +1,21 @@
-
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
- public class PicnicPublicKeyParameters
+ public sealed class PicnicPublicKeyParameters
 : PicnicKeyParameters
 {
+ private readonly byte[] m_publicKey;
 
- private byte[] publicKey;
-
- public PicnicPublicKeyParameters(PicnicParameters parameters, byte[] pkEncoded)
- : base(false, parameters)
- {
- publicKey = Arrays.Clone(pkEncoded);
- }
-
- public byte[] GetEncoded()
- {
- return Arrays.Clone(publicKey);
- }
+ public PicnicPublicKeyParameters(PicnicParameters parameters, byte[] pkEncoded)
+ : base(false, parameters)
+ {
+ m_publicKey = Arrays.Clone(pkEncoded);
+ }
+ public byte[] GetEncoded()
+ {
+ return Arrays.Clone(m_publicKey);
+ }
 
 }
-}
\ No newline at end of file
+}
diff --git a/crypto/src/pqc/crypto/picnic/PicnicSigner.cs b/crypto/src/pqc/crypto/picnic/PicnicSigner.cs
index 5f3d5d67c..a6eee2400 100644
--- a/crypto/src/pqc/crypto/picnic/PicnicSigner.cs
+++ b/crypto/src/pqc/crypto/picnic/PicnicSigner.cs
@@ -1,19 +1,17 @@
-using System;
-
 using Org.BouncyCastle.Crypto;
 using Org.BouncyCastle.Security;
 using Org.BouncyCastle.Utilities;
 
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
- public class PicnicSigner
+ public sealed class PicnicSigner
 : IMessageSigner
 {
+ private readonly SecureRandom random;
+
 private PicnicPrivateKeyParameters privKey;
 private PicnicPublicKeyParameters pubKey;
 
- private SecureRandom random;
-
 public PicnicSigner(SecureRandom random)
 {
 this.random = random;
diff --git a/crypto/src/pqc/crypto/picnic/PicnicUtilities.cs b/crypto/src/pqc/crypto/picnic/PicnicUtilities.cs
new file mode 100644
index 000000000..c3be46840
--- /dev/null
+++ b/crypto/src/pqc/crypto/picnic/PicnicUtilities.cs
@@ -0,0 +1,162 @@
+namespace Org.BouncyCastle.Pqc.Crypto.Picnic
+{
+ internal static class PicnicUtilities
+ {
+ internal static void Fill(uint[] buf, int from, int to, uint b)
+ {
+ for (int i = from; i < to; ++i)
+ {
+ buf[i] = b;
+ }
+ }
+ internal static int NumBytes(int numBits)
+ {
+ return (numBits + 7) >> 3;
+ }
+
+ internal static uint ceil_log2(uint x)
+ {
+ if (x == 0)
+ {
+ return 0;
+ }
+
+ return 32 - nlz(x - 1);
+ }
+
+ private static uint nlz(uint x)
+ {
+ uint n;
+
+ if (x == 0) return (32);
+ n = 1;
+ if ((x >> 16) == 0)
+ {
+ n = n + 16;
+ x = x << 16;
+ }
+
+ if ((x >> 24) == 0)
+ {
+ n = n + 8;
+ x = x << 8;
+ }
+
+ if ((x >> 28) == 0)
+ {
+ n = n + 4;
+ x = x << 4;
+ }
+
+ if ((x >> 30) == 0)
+ {
+ n = n + 2;
+ x = x << 2;
+ }
+
+ n = (n - (x >> 31));
+
+ return n;
+ }
+
+ internal static int Parity(byte[] data, int len)
+ {
+ byte x = data[0];
+
+ for (int i = 1; i < len; i++)
+ {
+ x ^= data[i];
+ }
+
+ /* Compute parity of x using code from Section 5-2 of
+ * H.S. Warren, *Hacker's Delight*, Pearson Education, 2003.
+ * http://www.hackersdelight.org/hdcodetxt/parity.c.txt
+ */
+ int y = x ^ (x >> 1);
+ y ^= (y >> 2);
+ y ^= (y >> 4);
+ y ^= (y >> 8);
+ y ^= (y >> 16);
+ return y & 1;
+ }
+
+ internal static uint Parity16(uint x)
+ {
+ uint y = x ^ (x >> 1);
+
+ y ^= (y >> 2);
+ y ^= (y >> 4);
+ y ^= (y >> 8);
+ return y & 1;
+ }
+
+ internal static uint Parity32(uint x)
+ {
+ /* Compute parity of x using code from Section 5-2 of
+ * H.S. Warren, *Hacker's Delight*, Pearson Education, 2003.
+ * http://www.hackersdelight.org/hdcodetxt/parity.c.txt
+ */
+ uint y = (x ^ (x >> 1));
+ y ^= (y >> 2);
+ y ^= (y >> 4);
+ y ^= (y >> 8);
+ y ^= (y >> 16);
+ return (y & 1);
+ }
+
+
+ /* Set a specific bit in a byte array to a given value */
+ internal static void SetBitInWordArray(uint[] array, int bitNumber, uint val)
+ {
+ SetBit(array, bitNumber, val);
+ }
+
+ /* Get one bit from a 32-bit int array */
+ internal static uint GetBitFromWordArray(uint[] array, int bitNumber)
+ {
+ return GetBit(array, bitNumber);
+ }
+
+ /* Get one bit from a byte array */
+ internal static byte GetBit(byte[] array, int bitNumber)
+ {
+ int arrayPos = bitNumber >> 3, bitPos = (bitNumber & 7) ^ 7;
+ return (byte)((array[arrayPos] >> bitPos) & 1);
+ }
+
+ /* Get one bit from a byte array */
+ internal static uint GetBit(uint[] array, int bitNumber)
+ {
+ int arrayPos = bitNumber >> 5, bitPos = (bitNumber & 31) ^ 7;
+ return (array[arrayPos] >> bitPos) & 1;
+ }
+
+ internal static void SetBit(byte[] array, int bitNumber, byte val)
+ {
+ int arrayPos = bitNumber >> 3, bitPos = (bitNumber & 7) ^ 7;
+ uint t = array[arrayPos];
+ t &= ~(1U << bitPos);
+ t |= (uint)val << bitPos;
+ array[arrayPos] = (byte)t;
+ }
+
+ /* Set a specific bit in a int array to a given value */
+ internal static void SetBit(uint[] array, int bitNumber, uint val)
+ {
+ int arrayPos = bitNumber >> 5, bitPos = (bitNumber & 31) ^ 7;
+ uint t = array[arrayPos];
+ t &= ~(1U << bitPos);
+ t |= val << bitPos;
+ array[arrayPos] = t;
+ }
+
+ internal static void ZeroTrailingBits(byte[] data, int bitLength)
+ {
+ int partial = bitLength & 7;
+ if (partial != 0)
+ {
+ data[bitLength >> 3] &= (byte)(0xFF00 >> partial);
+ }
+ }
+ }
+}
diff --git a/crypto/src/pqc/crypto/picnic/Signature.cs b/crypto/src/pqc/crypto/picnic/Signature.cs
index 9333da0d1..edb70b5a6 100644
--- a/crypto/src/pqc/crypto/picnic/Signature.cs
+++ b/crypto/src/pqc/crypto/picnic/Signature.cs
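Review bot: The comment above the `uint[]` overload of `GetBit` still reads `/* Get one bit from a byte array */`, copied from the `byte[]` overload, and `SetBitInWordArray` is headed `/* Set a specific bit in a byte array to a given value */` although it takes a `uint[]`; both should say "32-bit word array", as the `GetBitFromWordArray` comment already does. The word-array overloads index with `bitPos = (bitNumber & 31) ^ 7`, which is not plain LSB-first numbering — it appears to reproduce the byte-array numbering after the bytes are packed little-endian into words, and a one-line comment saying so (`// same bit numbering as the byte[] overloads once bytes are packed little-endian into words`) would save the next reader a derivation. `SetBit(byte[] array, int bitNumber, byte val)` ORs `(uint)val << bitPos` without masking, so a caller passing anything other than 0 or 1 silently alters neighbouring bits; `t |= (uint)(val & 1) << bitPos;` (and `val & 1` in the `uint[]` overload) would make the helper match its name.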
@@ -1,6 +1,6 @@
 namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
- public class Signature
+ internal class Signature
 {
 internal byte[] challengeBits;
 internal byte[] salt;
@@ -9,7 +9,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 internal Signature(PicnicEngine engine)
 {
 salt = new byte[PicnicEngine.saltSizeBytes];
- challengeBits = new byte[Utils.NumBytes(engine.numMPCRounds * 2)];
+ challengeBits = new byte[PicnicUtilities.NumBytes(engine.numMPCRounds * 2)];
 proofs = new Proof[engine.numMPCRounds];
 for (int i = 0; i < proofs.Length; i++)
 {
@@ -17,7 +17,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 }
 }
 
- public class Proof
+ internal class Proof
 {
 internal byte[] seed1;
 internal byte[] seed2;
diff --git a/crypto/src/pqc/crypto/picnic/Tape.cs b/crypto/src/pqc/crypto/picnic/Tape.cs
index c433b3267..9f72bc4dd 100644
--- a/crypto/src/pqc/crypto/picnic/Tape.cs
+++ b/crypto/src/pqc/crypto/picnic/Tape.cs
@@ -9,7 +9,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 internal int pos;
 int nTapes;
 
- private PicnicEngine engine;
+ private readonly PicnicEngine engine;
 
 internal Tape(PicnicEngine engine)
 {
@@ -33,7 +33,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
 for(int i = 0; i < n; i++)
 {
- Utils.SetBit(this.tapes[last], n + n*2*j + i, Utils.GetBit(input, pos++));
+ PicnicUtilities.SetBit(this.tapes[last], n + n*2*j + i, PicnicUtilities.GetBit(input, pos++));
 }
 }
 }
@@ -108,7 +108,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 {
 for (int i = 0; i < outputBitLen; i++)
 {
- Utils.SetBitInWordArray(output, i, Utils.Parity16(TapesToWord()));
+ PicnicUtilities.SetBitInWordArray(output, i, PicnicUtilities.Parity16(TapesToWord()));
 }
 }
 
@@ -118,8 +118,8 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 for (int i = 0; i < 16; i++)
 {
- byte bit = Utils.GetBit(this.tapes[i], this.pos);
- Utils.SetBit(shares, i, bit);
+ byte bit = PicnicUtilities.GetBit(this.tapes[i], this.pos);
+ PicnicUtilities.SetBit(shares, i, bit);
 }
 this.pos++;
 return Pack.LE_To_UInt32(shares, 0);
diff --git a/crypto/src/pqc/crypto/picnic/Tree.cs b/crypto/src/pqc/crypto/picnic/Tree.cs
index 80b2f87ba..52b36f1c8 100644
--- a/crypto/src/pqc/crypto/picnic/Tree.cs
+++ b/crypto/src/pqc/crypto/picnic/Tree.cs
@@ -36,7 +36,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 this.engine = engine;
 MAX_AUX_BYTES = ((PicnicEngine.LOWMC_MAX_AND_GATES + PicnicEngine.LOWMC_MAX_KEY_BITS) / 8 + 1);
 
- this.depth = Utils.ceil_log2(numLeaves) + 1;
+ this.depth = PicnicUtilities.ceil_log2(numLeaves) + 1;
 this.numNodes = (uint)( ((1 << ((int)this.depth)) - 1) - ((1 << ((int)this.depth - 1)) - numLeaves));
 /* Num nodes in complete - number of missing leaves */
diff --git a/crypto/src/pqc/crypto/picnic/Utils.cs b/crypto/src/pqc/crypto/picnic/Utils.cs
deleted file mode 100644
index 8e0bdc6ff..000000000
--- a/crypto/src/pqc/crypto/picnic/Utils.cs
+++ /dev/null
@@ -1,162 +0,0 @@
-namespace Org.BouncyCastle.Pqc.Crypto.Picnic
-{
- internal static class Utils
- {
- internal static void Fill(uint[] buf, int from, int to, uint b)
- {
- for (int i = from; i < to; ++i)
- {
- buf[i] = b;
- }
- }
- internal static int NumBytes(int numBits)
- {
- return (numBits + 7) >> 3;
- }
-
- internal static uint ceil_log2(uint x)
- {
- if (x == 0)
- {
- return 0;
- }
-
- return 32 - nlz(x - 1);
- }
-
- private static uint nlz(uint x)
- {
- uint n;
-
- if (x == 0) return (32);
- n = 1;
- if ((x >> 16) == 0)
- {
- n = n + 16;
- x = x << 16;
- }
-
- if ((x >> 24) == 0)
- {
- n = n + 8;
- x = x << 8;
- }
-
- if ((x >> 28) == 0)
- {
- n = n + 4;
- x = x << 4;
- }
-
- if ((x >> 30) == 0)
- {
- n = n + 2;
- x = x << 2;
- }
-
- n = (n - (x >> 31));
-
- return n;
- }
-
- internal static int Parity(byte[] data, int len)
- {
- byte x = data[0];
-
- for (int i = 1; i < len; i++)
- {
- x ^= data[i];
- }
-
- /* Compute parity of x using code from Section 5-2 of
- * H.S. Warren, *Hacker's Delight*, Pearson Education, 2003.
- * http://www.hackersdelight.org/hdcodetxt/parity.c.txt
- */
- int y = x ^ (x >> 1);
- y ^= (y >> 2);
- y ^= (y >> 4);
- y ^= (y >> 8);
- y ^= (y >> 16);
- return y & 1;
- }
-
- internal static uint Parity16(uint x)
- {
- uint y = x ^ (x >> 1);
-
- y ^= (y >> 2);
- y ^= (y >> 4);
- y ^= (y >> 8);
- return y & 1;
- }
-
- internal static uint Parity32(uint x)
- {
- /* Compute parity of x using code from Section 5-2 of
- * H.S. Warren, *Hacker's Delight*, Pearson Education, 2003.
- * http://www.hackersdelight.org/hdcodetxt/parity.c.txt
- */
- uint y = (x ^ (x >> 1));
- y ^= (y >> 2);
- y ^= (y >> 4);
- y ^= (y >> 8);
- y ^= (y >> 16);
- return (y & 1);
- }
-
-
- /* Set a specific bit in a byte array to a given value */
- internal static void SetBitInWordArray(uint[] array, int bitNumber, uint val)
- {
- SetBit(array, bitNumber, val);
- }
-
- /* Get one bit from a 32-bit int array */
- internal static uint GetBitFromWordArray(uint[] array, int bitNumber)
- {
- return GetBit(array, bitNumber);
- }
-
- /* Get one bit from a byte array */
- internal static byte GetBit(byte[] array, int bitNumber)
- {
- int arrayPos = bitNumber >> 3, bitPos = (bitNumber & 7) ^ 7;
- return (byte)((array[arrayPos] >> bitPos) & 1);
- }
-
- /* Get one bit from a byte array */
- internal static uint GetBit(uint[] array, int bitNumber)
- {
- int arrayPos = bitNumber >> 5, bitPos = (bitNumber & 31) ^ 7;
- return (array[arrayPos] >> bitPos) & 1;
- }
-
- internal static void SetBit(byte[] array, int bitNumber, byte val)
- {
- int arrayPos = bitNumber >> 3, bitPos = (bitNumber & 7) ^ 7;
- uint t = array[arrayPos];
- t &= ~(1U << bitPos);
- t |= (uint)val << bitPos;
- array[arrayPos] = (byte)t;
- }
-
- /* Set a specific bit in a int array to a given value */
- internal static void SetBit(uint[] array, int bitNumber, uint val)
- {
- int arrayPos = bitNumber >> 5, bitPos = (bitNumber & 31) ^ 7;
- uint t = array[arrayPos];
- t &= ~(1U << bitPos);
- t |= val << bitPos;
- array[arrayPos] = t;
- }
-
- internal static void ZeroTrailingBits(byte[] data, int bitLength)
- {
- int partial = bitLength & 7;
- if (partial != 0)
- {
- data[bitLength >> 3] &= (byte)(0xFF00 >> partial);
- }
- }
- }
-}
diff --git a/crypto/src/tls/Certificate.cs b/crypto/src/tls/Certificate.cs
index 30b14368b..6cf9f5350 100644
--- a/crypto/src/tls/Certificate.cs
+++ b/crypto/src/tls/Certificate.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using Org.BouncyCastle.Pqc.Crypto.Lms;
+
 using Org.BouncyCastle.Tls.Crypto;
 
 namespace Org.BouncyCastle.Tls
-- 
cgit 1.4.1