From 3046d8145e0cb90496c011f8144dd0910afa84c0 Mon Sep 17 00:00:00 2001 
From: Peter Dettman Date: Tue, 11 Oct 2022 21:10:07 +0700 Subject: Change method names in IXof - distinct from IDigest methods and consistent with span-based methods --- crypto/src/crypto/IXof.cs | 4 +-- crypto/src/crypto/digests/Blake2xsDigest.cs | 8 ++--- crypto/src/crypto/digests/Blake3Digest.cs | 8 ++--- crypto/src/crypto/digests/CSHAKEDigest.cs | 4 +-- crypto/src/crypto/digests/ParallelHash.cs | 12 ++++---- crypto/src/crypto/digests/ShakeDigest.cs | 12 ++++---- crypto/src/crypto/digests/TupleHash.cs | 10 +++---- crypto/src/crypto/encodings/OaepEncoding.cs | 2 +- crypto/src/crypto/macs/KMac.cs | 10 +++---- crypto/src/crypto/signers/Ed448phSigner.cs | 2 +- crypto/src/crypto/signers/PssSigner.cs | 2 +- crypto/src/math/ec/rfc8032/Ed448.cs | 18 ++++++------ crypto/src/pqc/crypto/cmce/CmceEngine.cs | 14 ++++----- .../crypto/crystals/dilithium/DilithiumEngine.cs | 14 ++++----- crypto/src/pqc/crypto/crystals/dilithium/Poly.cs | 4 +-- .../src/pqc/crypto/crystals/dilithium/Symmetric.cs | 4 +-- crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs | 6 ++-- crypto/src/pqc/crypto/frodo/FrodoEngine.cs | 20 ++++++------- .../src/pqc/crypto/frodo/FrodoMatrixGenerator.cs | 2 +- crypto/src/pqc/crypto/picnic/PicnicEngine.cs | 34 +++++++++++----------- crypto/src/pqc/crypto/picnic/Tree.cs | 4 +-- crypto/src/pqc/crypto/saber/Poly.cs | 4 +-- crypto/src/pqc/crypto/saber/SABEREngine.cs | 2 +- crypto/src/pqc/crypto/sike/SIKEEngine.cs | 24 +++++++-------- crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs | 4 +-- crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs | 4 +-- .../pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs | 28 +++++++++--------- crypto/test/src/crypto/test/Blake2xsDigestTest.cs | 8 ++--- crypto/test/src/crypto/test/Blake3Test.cs | 4 +-- crypto/test/src/crypto/test/CSHAKETest.cs | 34 +++++++++++----------- crypto/test/src/crypto/test/KMACTest.cs | 32 ++++++++++---------- crypto/test/src/crypto/test/ParallelHashTest.cs | 6 ++-- crypto/test/src/crypto/test/ShakeDigestTest.cs | 16 
+++++----- crypto/test/src/crypto/test/TupleHashTest.cs | 4 +-- crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs | 4 +-- crypto/test/src/test/ParallelHashTest.cs | 6 ++-- crypto/test/src/test/TupleHashTest.cs | 4 +-- 37 files changed, 188 insertions(+), 190 deletions(-) (limited to 'crypto') diff --git a/crypto/src/crypto/IXof.cs b/crypto/src/crypto/IXof.cs index 8cddb2870..c2d53ca87 100644 --- a/crypto/src/crypto/IXof.cs +++ b/crypto/src/crypto/IXof.cs @@ -16,7 +16,7 @@ namespace Org.BouncyCastle.Crypto /// offset to start writing the bytes at. /// the number of output bytes requested. /// the number of bytes written - int DoFinal(byte[] output, int outOff, int outLen); + int OutputFinal(byte[] output, int outOff, int outLen); #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER /// @@ -35,7 +35,7 @@ namespace Org.BouncyCastle.Crypto /// offset to start writing the bytes at. /// the number of output bytes requested. /// the number of bytes written - int DoOutput(byte[] output, int outOff, int outLen); + int Output(byte[] output, int outOff, int outLen); #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER /// diff --git a/crypto/src/crypto/digests/Blake2xsDigest.cs b/crypto/src/crypto/digests/Blake2xsDigest.cs index 43bfbac18..ac7e8f611 100644 --- a/crypto/src/crypto/digests/Blake2xsDigest.cs +++ b/crypto/src/crypto/digests/Blake2xsDigest.cs @@ -223,7 +223,7 @@ namespace Org.BouncyCastle.Crypto.Digests */ public int DoFinal(byte[] output, int outOff) { - return DoFinal(output, outOff, digestLength); + return OutputFinal(output, outOff, digestLength); } /** @@ -234,9 +234,9 @@ namespace Org.BouncyCastle.Crypto.Digests * @param outOff offset to start writing the bytes at. * @param outLen the number of output bytes requested. */ - public int DoFinal(byte[] output, int outOff, int outLen) + public int OutputFinal(byte[] output, int outOff, int outLen) { - int ret = DoOutput(output, outOff, outLen); + int ret = Output(output, outOff, outLen); Reset(); 
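Review bot: In IXof.cs the parameter and return docs visible for `OutputFinal` and `Output` are word-for-word the same, so from these two hunks an implementer cannot tell which call resets the XOF; the summaries sit above the hunks and may already cover it. The implementations in this commit (Blake2xsDigest, ShakeDigest) show `OutputFinal` calling `Output` and then `Reset()`, and that contract is worth stating on the interface, e.g. `/// <remarks>Resets the XOF after writing.</remarks>` on `OutputFinal` and `/// <remarks>Does not reset; later calls continue the same output stream.</remarks>` on `Output`. The rename also removes the public three-argument `DoFinal`/`DoOutput` with no forwarding member on the concrete classes, which breaks existing callers at compile time; if that is intended it belongs in the release notes.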
@@ -252,7 +252,7 @@ namespace Org.BouncyCastle.Crypto.Digests * @param outLen the number of output bytes requested. * @return the number of bytes written */ - public int DoOutput(byte[] output, int outOff, int outLen) + public int Output(byte[] output, int outOff, int outLen) { #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return Output(output.AsSpan(outOff, outLen)); diff --git a/crypto/src/crypto/digests/Blake3Digest.cs b/crypto/src/crypto/digests/Blake3Digest.cs index 3b85c8c24..720af805d 100644 --- a/crypto/src/crypto/digests/Blake3Digest.cs +++ b/crypto/src/crypto/digests/Blake3Digest.cs @@ -468,11 +468,11 @@ namespace Org.BouncyCastle.Crypto.Digests #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return OutputFinal(pOutput.AsSpan(pOutOffset, GetDigestSize())); #else - return DoFinal(pOutput, pOutOffset, GetDigestSize()); + return OutputFinal(pOutput, pOutOffset, GetDigestSize()); #endif } - public int DoFinal(byte[] pOut, int pOutOffset, int pOutLen) + public int OutputFinal(byte[] pOut, int pOutOffset, int pOutLen) { #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return OutputFinal(pOut.AsSpan(pOutOffset, pOutLen)); @@ -482,7 +482,7 @@ namespace Org.BouncyCastle.Crypto.Digests throw new InvalidOperationException(ERR_OUTPUTTING); /* Build the required output */ - int length = DoOutput(pOut, pOutOffset, pOutLen); + int length = Output(pOut, pOutOffset, pOutLen); /* reset the underlying digest and return the length */ Reset(); @@ -490,7 +490,7 @@ namespace Org.BouncyCastle.Crypto.Digests #endif } - public int DoOutput(byte[] pOut, int pOutOffset, int pOutLen) + public int Output(byte[] pOut, int pOutOffset, int pOutLen) { #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER return Output(pOut.AsSpan(pOutOffset, pOutLen)); diff --git a/crypto/src/crypto/digests/CSHAKEDigest.cs b/crypto/src/crypto/digests/CSHAKEDigest.cs index fc37b865c..15a6c6da0 100644 --- a/crypto/src/crypto/digests/CSHAKEDigest.cs 
+++ b/crypto/src/crypto/digests/CSHAKEDigest.cs @@ -78,11 +78,11 @@ namespace Org.BouncyCastle.Crypto.Digests get { return "CSHAKE" + fixedOutputLength; } } - public override int DoOutput(byte[] output, int outOff, int outLen) + public override int Output(byte[] output, int outOff, int outLen) { if (diff == null) { - return base.DoOutput(output, outOff, outLen); + return base.Output(output, outOff, outLen); } if (!squeezing) diff --git a/crypto/src/crypto/digests/ParallelHash.cs b/crypto/src/crypto/digests/ParallelHash.cs index 8054b2005..541d7f951 100644 --- a/crypto/src/crypto/digests/ParallelHash.cs +++ b/crypto/src/crypto/digests/ParallelHash.cs @@ -170,7 +170,7 @@ namespace Org.BouncyCastle.Crypto.Digests private void Compress(byte[] buf, int offSet, int len) { compressor.BlockUpdate(buf, offSet, len); - compressor.DoFinal(compressorBuffer, 0, compressorBuffer.Length); + compressor.OutputFinal(compressorBuffer, 0, compressorBuffer.Length); cshake.BlockUpdate(compressorBuffer, 0, compressorBuffer.Length); @@ -181,7 +181,7 @@ namespace Org.BouncyCastle.Crypto.Digests private void Compress(ReadOnlySpan input, int pos, int len) { compressor.BlockUpdate(input.Slice(pos, len)); - compressor.DoFinal(compressorBuffer, 0, compressorBuffer.Length); + compressor.OutputFinal(compressorBuffer, 0, compressorBuffer.Length); cshake.BlockUpdate(compressorBuffer, 0, compressorBuffer.Length); @@ -234,14 +234,14 @@ namespace Org.BouncyCastle.Crypto.Digests } #endif - public virtual int DoFinal(byte[] outBuf, int outOff, int outLen) + public virtual int OutputFinal(byte[] outBuf, int outOff, int outLen) { if (firstOutput) { WrapUp(outputLength); } - int rv = cshake.DoFinal(outBuf, outOff, outLen); + int rv = cshake.OutputFinal(outBuf, outOff, outLen); Reset(); 
@@ -264,14 +264,14 @@ namespace Org.BouncyCastle.Crypto.Digests } #endif - public virtual int DoOutput(byte[] outBuf, int outOff, int outLen) + public virtual int Output(byte[] outBuf, int outOff, int outLen) { if (firstOutput) { WrapUp(0); } - return cshake.DoOutput(outBuf, outOff, outLen); + return cshake.Output(outBuf, outOff, outLen); } #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER diff --git a/crypto/src/crypto/digests/ShakeDigest.cs b/crypto/src/crypto/digests/ShakeDigest.cs index 17d262261..f99d44de9 100644 --- a/crypto/src/crypto/digests/ShakeDigest.cs +++ b/crypto/src/crypto/digests/ShakeDigest.cs @@ -53,19 +53,19 @@ namespace Org.BouncyCastle.Crypto.Digests public override int DoFinal(byte[] output, int outOff) { - return DoFinal(output, outOff, GetDigestSize()); + return OutputFinal(output, outOff, GetDigestSize()); } - public virtual int DoFinal(byte[] output, int outOff, int outLen) + public virtual int OutputFinal(byte[] output, int outOff, int outLen) { - int length = DoOutput(output, outOff, outLen); + int length = Output(output, outOff, outLen); Reset(); return length; } - public virtual int DoOutput(byte[] output, int outOff, int outLen) + public virtual int Output(byte[] output, int outOff, int outLen) { if (!squeezing) { @@ -110,13 +110,13 @@ namespace Org.BouncyCastle.Crypto.Digests */ protected override int DoFinal(byte[] output, int outOff, byte partialByte, int partialBits) { - return DoFinal(output, outOff, GetDigestSize(), partialByte, partialBits); + return OutputFinal(output, outOff, GetDigestSize(), partialByte, partialBits); } /* * TODO Possible API change to support partial-byte suffixes. */ - protected virtual int DoFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits) + protected virtual int OutputFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits) { if (partialBits < 0 || partialBits > 7) throw new ArgumentException("must be in the range [0,7]", "partialBits"); 
diff --git a/crypto/src/crypto/digests/TupleHash.cs b/crypto/src/crypto/digests/TupleHash.cs index 43030d5d5..a71ffb2c4 100644 --- a/crypto/src/crypto/digests/TupleHash.cs +++ b/crypto/src/crypto/digests/TupleHash.cs @@ -89,31 +89,31 @@ namespace Org.BouncyCastle.Crypto.Digests public virtual int DoFinal(byte[] outBuf, int outOff) { - return DoFinal(outBuf, outOff, GetDigestSize()); + return OutputFinal(outBuf, outOff, GetDigestSize()); } - public virtual int DoFinal(byte[] outBuf, int outOff, int outLen) + public virtual int OutputFinal(byte[] outBuf, int outOff, int outLen) { if (firstOutput) { WrapUp(GetDigestSize()); } - int rv = cshake.DoFinal(outBuf, outOff, outLen); + int rv = cshake.OutputFinal(outBuf, outOff, outLen); Reset(); return rv; } - public virtual int DoOutput(byte[] outBuf, int outOff, int outLen) + public virtual int Output(byte[] outBuf, int outOff, int outLen) { if (firstOutput) { WrapUp(0); } - return cshake.DoOutput(outBuf, outOff, outLen); + return cshake.Output(outBuf, outOff, outLen); } public virtual void Reset() diff --git a/crypto/src/crypto/encodings/OaepEncoding.cs b/crypto/src/crypto/encodings/OaepEncoding.cs index af83a6f77..c151b7ac5 100644 --- a/crypto/src/crypto/encodings/OaepEncoding.cs +++ b/crypto/src/crypto/encodings/OaepEncoding.cs @@ -295,7 +295,7 @@ namespace Org.BouncyCastle.Crypto.Encodings { byte[] mask = new byte[length]; mgf1Hash.BlockUpdate(Z, zOff, zLen); - ((IXof)mgf1Hash).DoFinal(mask, 0, mask.Length); + ((IXof)mgf1Hash).OutputFinal(mask, 0, mask.Length); return mask; } diff --git a/crypto/src/crypto/macs/KMac.cs b/crypto/src/crypto/macs/KMac.cs index ce6c9f701..4dd754765 100644 --- a/crypto/src/crypto/macs/KMac.cs +++ b/crypto/src/crypto/macs/KMac.cs @@ -61,7 +61,7 @@ namespace Org.BouncyCastle.Crypto.Macs cshake.BlockUpdate(encOut, 0, encOut.Length); } - int rv = cshake.DoFinal(output, outOff, GetMacSize()); + int rv = cshake.OutputFinal(output, outOff, GetMacSize()); Reset(); 
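Review bot: The return value of `((IXof)mgf1Hash).OutputFinal(mask, 0, mask.Length)` in the OaepEncoding.cs hunk at -295 is discarded, so a short write from an IXof implementation would leave the tail of `mask` as zero bytes and the mask would still be returned. Ed448.cs in this same commit compares the result with the requested length, and the same guard fits here: `if (mask.Length != ((IXof)mgf1Hash).OutputFinal(mask, 0, mask.Length)) throw new InvalidOperationException("MGF XOF output failed");`. The PssSigner.cs hunk at -358 has the identical pattern with `mgfDigest`. Both method signatures, and whatever type check guards the `(IXof)` cast, are outside the hunks.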
@@ -89,7 +89,7 @@ namespace Org.BouncyCastle.Crypto.Macs } #endif - public int DoFinal(byte[] output, int outOff, int outLen) + public int OutputFinal(byte[] output, int outOff, int outLen) { if (firstOutput) { @@ -101,7 +101,7 @@ namespace Org.BouncyCastle.Crypto.Macs cshake.BlockUpdate(encOut, 0, encOut.Length); } - int rv = cshake.DoFinal(output, outOff, outLen); + int rv = cshake.OutputFinal(output, outOff, outLen); Reset(); @@ -129,7 +129,7 @@ namespace Org.BouncyCastle.Crypto.Macs } #endif - public int DoOutput(byte[] output, int outOff, int outLen) + public int Output(byte[] output, int outOff, int outLen) { if (firstOutput) { @@ -143,7 +143,7 @@ namespace Org.BouncyCastle.Crypto.Macs firstOutput = false; } - return cshake.DoOutput(output, outOff, outLen); + return cshake.Output(output, outOff, outLen); } #if NETCOREAPP2_1_OR_GREATER || NETSTANDARD2_1_OR_GREATER diff --git a/crypto/src/crypto/signers/Ed448phSigner.cs b/crypto/src/crypto/signers/Ed448phSigner.cs index 30d4a0aba..7ff9cfbbe 100644 --- a/crypto/src/crypto/signers/Ed448phSigner.cs +++ b/crypto/src/crypto/signers/Ed448phSigner.cs @@ -68,7 +68,7 @@ namespace Org.BouncyCastle.Crypto.Signers throw new InvalidOperationException("Ed448phSigner not initialised for signature generation."); byte[] msg = new byte[Ed448.PrehashSize]; - if (Ed448.PrehashSize != prehash.DoFinal(msg, 0, Ed448.PrehashSize)) + if (Ed448.PrehashSize != prehash.OutputFinal(msg, 0, Ed448.PrehashSize)) throw new InvalidOperationException("Prehash digest failed"); byte[] signature = new byte[Ed448PrivateKeyParameters.SignatureSize]; diff --git a/crypto/src/crypto/signers/PssSigner.cs b/crypto/src/crypto/signers/PssSigner.cs index b033bb251..6d34e6edd 100644 --- a/crypto/src/crypto/signers/PssSigner.cs +++ b/crypto/src/crypto/signers/PssSigner.cs 
@@ -358,7 +358,7 @@ namespace Org.BouncyCastle.Crypto.Signers { byte[] mask = new byte[length]; mgfDigest.BlockUpdate(Z, zOff, zLen); - ((IXof)mgfDigest).DoFinal(mask, 0, mask.Length); + ((IXof)mgfDigest).OutputFinal(mask, 0, mask.Length); return mask; } diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs index 24dab540a..b73aaa7f8 100644 --- a/crypto/src/math/ec/rfc8032/Ed448.cs +++ b/crypto/src/math/ec/rfc8032/Ed448.cs @@ -403,7 +403,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 byte[] h = new byte[ScalarBytes * 2]; d.BlockUpdate(sk, skOff, SecretKeySize); - d.DoFinal(h, 0, h.Length); + d.OutputFinal(h, 0, h.Length); byte[] s = new byte[ScalarBytes]; PruneScalar(h, 0, s); @@ -495,7 +495,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 Dom4(d, phflag, ctx); d.BlockUpdate(h, ScalarBytes, ScalarBytes); d.BlockUpdate(m, mOff, mLen); - d.DoFinal(h, 0, h.Length); + d.OutputFinal(h, 0, h.Length); byte[] r = ReduceScalar(h); byte[] R = new byte[PointBytes]; @@ -505,7 +505,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 d.BlockUpdate(R, 0, PointBytes); d.BlockUpdate(pk, pkOff, PointBytes); d.BlockUpdate(m, mOff, mLen); - d.DoFinal(h, 0, h.Length); + d.OutputFinal(h, 0, h.Length); byte[] k = ReduceScalar(h); byte[] S = CalculateS(r, k, s); @@ -524,7 +524,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 byte[] h = new byte[ScalarBytes * 2]; d.BlockUpdate(sk, skOff, SecretKeySize); - d.DoFinal(h, 0, h.Length); + d.OutputFinal(h, 0, h.Length); byte[] s = new byte[ScalarBytes]; PruneScalar(h, 0, s); @@ -545,7 +545,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 byte[] h = new byte[ScalarBytes * 2]; d.BlockUpdate(sk, skOff, SecretKeySize); - d.DoFinal(h, 0, h.Length); + d.OutputFinal(h, 0, h.Length); byte[] s = new byte[ScalarBytes]; PruneScalar(h, 0, s); 
@@ -580,7 +580,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 d.BlockUpdate(R, 0, PointBytes); d.BlockUpdate(pk, pkOff, PointBytes); d.BlockUpdate(m, mOff, mLen); - d.DoFinal(h, 0, h.Length); + d.OutputFinal(h, 0, h.Length); byte[] k = ReduceScalar(h); @@ -1726,7 +1726,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 public static void SignPrehash(byte[] sk, int skOff, byte[] ctx, IXof ph, byte[] sig, int sigOff) { byte[] m = new byte[PrehashSize]; - if (PrehashSize != ph.DoFinal(m, 0, PrehashSize)) + if (PrehashSize != ph.OutputFinal(m, 0, PrehashSize)) throw new ArgumentException("ph"); byte phflag = 0x01; @@ -1737,7 +1737,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 public static void SignPrehash(byte[] sk, int skOff, byte[] pk, int pkOff, byte[] ctx, IXof ph, byte[] sig, int sigOff) { byte[] m = new byte[PrehashSize]; - if (PrehashSize != ph.DoFinal(m, 0, PrehashSize)) + if (PrehashSize != ph.OutputFinal(m, 0, PrehashSize)) throw new ArgumentException("ph"); byte phflag = 0x01; @@ -1791,7 +1791,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032 public static bool VerifyPrehash(byte[] sig, int sigOff, byte[] pk, int pkOff, byte[] ctx, IXof ph) { byte[] m = new byte[PrehashSize]; - if (PrehashSize != ph.DoFinal(m, 0, PrehashSize)) + if (PrehashSize != ph.OutputFinal(m, 0, PrehashSize)) throw new ArgumentException("ph"); byte phflag = 0x01; diff --git a/crypto/src/pqc/crypto/cmce/CmceEngine.cs b/crypto/src/pqc/crypto/cmce/CmceEngine.cs index 41194e8a6..7dd404427 100644 --- a/crypto/src/pqc/crypto/cmce/CmceEngine.cs +++ b/crypto/src/pqc/crypto/cmce/CmceEngine.cs @@ -96,7 +96,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update(64); digest.BlockUpdate(sk, 0, 32); - ((IXof)digest).DoFinal(hash, 0, hash.Length); + ((IXof)digest).OutputFinal(hash, 0, hash.Length); for (int i = 0; i < (1 << GFBITS); i++) { 
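Review bot: `throw new ArgumentException("ph")` in the three prehash hunks of Ed448.cs (`SignPrehash` at -1726 and -1737, `VerifyPrehash` at -1791) passes "ph" to the single-string constructor, so it becomes the exception message and `ParamName` stays null. A caller whose XOF returns the wrong length gets an exception that reads only "ph"; `throw new ArgumentException("prehash XOF returned an unexpected length", "ph");` says what failed. A one-line comment that `ph.OutputFinal` finalizes the caller's prehash object (the implementations in this commit call `Reset()` inside it) would also help, since that is a side effect on an argument.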
@@ -123,7 +123,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update((byte)64); digest.BlockUpdate(sk, 0, 32); // input - ((IXof)digest).DoFinal(hash, 0, hash.Length); + ((IXof)digest).OutputFinal(hash, 0, hash.Length); // generate g @@ -213,7 +213,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce // SeededKeyGen - 1. Compute E = G(δ), a string of n + σ2q + σ1t + l bits. (3488 + 32*4096 + 16*64 + 256) digest.BlockUpdate(seed_a, 0, seed_a.Length); digest.BlockUpdate(seed_b, 0, seed_b.Length); - ((IXof)digest).DoFinal(E, 0, E.Length); + ((IXof)digest).OutputFinal(E, 0, E.Length); // Store the seeds generated // SeededKeyGen - 2. Define δ′ as the last l bits of E. @@ -532,7 +532,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update((byte)0x02); digest.BlockUpdate(error_vector, 0, error_vector.Length); // input - ((IXof)digest).DoFinal(cipher_text, SYND_BYTES, cipher_text.Length - SYND_BYTES); // output + ((IXof)digest).OutputFinal(cipher_text, SYND_BYTES, cipher_text.Length - SYND_BYTES); // output /* 2.4.5 Encapsulation @@ -543,7 +543,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce digest.Update((byte)0x01); digest.BlockUpdate(error_vector, 0, error_vector.Length); digest.BlockUpdate(cipher_text, 0, cipher_text.Length); // input - ((IXof)digest).DoFinal(key, 0, key.Length); // output + ((IXof)digest).OutputFinal(key, 0, key.Length); // output if (usePadding) { @@ -598,7 +598,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce IDigest digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.Update((byte)0x02); digest.BlockUpdate(error_vector, 0, error_vector.Length); // input - ((IXof)digest).DoFinal(conf, 0, conf.Length); // output + ((IXof)digest).OutputFinal(conf, 0, conf.Length); // output /* 2.3.3 Decapsulation 
@@ -640,7 +640,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Cmce // = SHAKE256(preimage, 32) digest = DigestUtilities.GetDigest(NistObjectIdentifiers.IdShake256); digest.BlockUpdate(preimage, 0, preimage.Length); // input - ((IXof)digest).DoFinal(key, 0, key.Length); // output + ((IXof)digest).OutputFinal(key, 0, key.Length); // output // clear outputs (set to all 1's) if padding bits are not all zero diff --git a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs index 9648167d1..4ba769984 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/DilithiumEngine.cs @@ -141,7 +141,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest Shake256Digest = new ShakeDigest(256); Shake256Digest.BlockUpdate(SeedBuf, 0, SeedBytes); - Shake256Digest.DoFinal(buf, 0, 2 * SeedBytes + CrhBytes); + Shake256Digest.OutputFinal(buf, 0, 2 * SeedBytes + CrhBytes); rho = Arrays.CopyOfRange(buf, 0, SeedBytes); rhoPrime = Arrays.CopyOfRange(buf, SeedBytes, SeedBytes + CrhBytes); @@ -171,7 +171,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Shake256Digest.BlockUpdate(rho, 0, rho.Length); Shake256Digest.BlockUpdate(encT1, 0, encT1.Length); - Shake256Digest.DoFinal(tr, 0, SeedBytes); + Shake256Digest.OutputFinal(tr, 0, SeedBytes); Packing.PackSecretKey(t0_, s1_, s2_, t0, s1, s2, this); } @@ -192,7 +192,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest ShakeDigest256 = new ShakeDigest(256); ShakeDigest256.BlockUpdate(tr, 0, SeedBytes); ShakeDigest256.BlockUpdate(msg, 0, msglen); - ShakeDigest256.DoFinal(mu, 0, CrhBytes); + ShakeDigest256.OutputFinal(mu, 0, CrhBytes); if (_random != null) { 
@@ -203,7 +203,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium byte[] KeyMu = Arrays.CopyOf(key, SeedBytes + CrhBytes); Array.Copy(mu, 0, KeyMu, SeedBytes, CrhBytes); ShakeDigest256.BlockUpdate(KeyMu, 0, SeedBytes + CrhBytes); - ShakeDigest256.DoFinal(rhoPrime, 0, CrhBytes); + ShakeDigest256.OutputFinal(rhoPrime, 0, CrhBytes); } Matrix.ExpandMatrix(rho); @@ -229,7 +229,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest256.BlockUpdate(mu, 0, CrhBytes); ShakeDigest256.BlockUpdate(sig, 0, K * PolyW1PackedBytes); - ShakeDigest256.DoFinal(sig, 0, SeedBytes); + ShakeDigest256.OutputFinal(sig, 0, SeedBytes); cp.Challenge(sig); @@ -311,7 +311,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest Shake256Digest = new ShakeDigest(256); Shake256Digest.BlockUpdate(rho, 0, rho.Length); Shake256Digest.BlockUpdate(encT1, 0, encT1.Length); - Shake256Digest.DoFinal(mu, 0, SeedBytes); + Shake256Digest.OutputFinal(mu, 0, SeedBytes); Shake256Digest.BlockUpdate(mu, 0, SeedBytes); Shake256Digest.BlockUpdate(msg, 0, msglen); @@ -341,7 +341,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium Shake256Digest.BlockUpdate(mu, 0, CrhBytes); Shake256Digest.BlockUpdate(buf, 0, K * PolyW1PackedBytes); - Shake256Digest.DoFinal(c2, 0, SeedBytes); + Shake256Digest.OutputFinal(c2, 0, SeedBytes); for (int i = 0; i < SeedBytes; ++i) { diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs index 6978796c4..eb209f8a2 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/Poly.cs @@ -591,7 +591,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium ShakeDigest ShakeDigest256 = new ShakeDigest(256); ShakeDigest256.BlockUpdate(seed, 0, DilithiumEngine.SeedBytes); - ShakeDigest256.DoOutput(buf, 0, Symmetric.Stream256BlockBytes); + ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes); signs = 0; for (i = 0; i < 8; ++i) 
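Review bot: The two `ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes)` calls in dilithium/Poly.cs (the hunk at -591 and the refill at -612) depend on `Output` not resetting the digest, and after this rename the resetting variant differs only by the `Final` suffix and compiles equally well at both sites. ShakeDigest.OutputFinal in this commit calls `Reset()`, so a mistaken swap at the refill would restart the stream from an empty input instead of continuing the one seeded from `seed`. A comment above the refill, such as `// Output, not OutputFinal: the refill must continue the same SHAKE-256 stream`, would keep the distinction visible. The enclosing method starts and ends outside both hunks.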
@@ -612,7 +612,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium { if (pos >= Symmetric.Stream256BlockBytes) { - ShakeDigest256.DoOutput(buf, 0, Symmetric.Stream256BlockBytes); + ShakeDigest256.Output(buf, 0, Symmetric.Stream256BlockBytes); pos = 0; } b = (buf[pos++] & 0xFF); diff --git a/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs b/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs index d025b98fd..b3836ef87 100644 --- a/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs +++ b/crypto/src/pqc/crypto/crystals/dilithium/Symmetric.cs @@ -116,12 +116,12 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Dilithium internal override void Stream128SqueezeBlocks(byte[] output, int offset, int size) { - digest128.DoOutput(output, offset, size); + digest128.Output(output, offset, size); } internal override void Stream256SqueezeBlocks(byte[] output, int offset, int size) { - digest256.DoOutput(output, offset, size); + digest256.Output(output, offset, size); } } } diff --git a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs index b618d7bce..bea8cae54 100644 --- a/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs +++ b/crypto/src/pqc/crypto/crystals/kyber/Symmetric.cs @@ -71,7 +71,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber internal override void XofSqueezeBlocks(byte[] output, int outOffset, int outLen) { - xof.DoOutput(output, outOffset, outLen); + xof.Output(output, outOffset, outLen); } internal override void Prf(byte[] output, byte[] seed, byte nonce) 
@@ -80,13 +80,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Crystals.Kyber Array.Copy(seed, 0, extSeed, 0, seed.Length); extSeed[seed.Length] = nonce; shakeDigest.BlockUpdate(extSeed, 0, extSeed.Length); - shakeDigest.DoFinal(output, 0, output.Length); + shakeDigest.OutputFinal(output, 0, output.Length); } internal override void Kdf(byte[] output, byte[] input) { shakeDigest.BlockUpdate(input, 0, input.Length); - shakeDigest.DoFinal(output, 0, output.Length); + shakeDigest.OutputFinal(output, 0, output.Length); } } diff --git a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs index 2f9c50921..7fefb4767 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoEngine.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoEngine.cs @@ -223,7 +223,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo // 2. Generate pseudorandom seed seedA = SHAKE(z, len_seedA) (length in bits) byte[] seedA = new byte[len_seedA_bytes]; digest.BlockUpdate(z, 0, z.Length); - ((IXof) digest).DoFinal(seedA, 0, seedA.Length); + ((IXof) digest).OutputFinal(seedA, 0, seedA.Length); // 3. A = Frodo.Gen(seedA) short[] A = gen.GenMatrix(seedA); @@ -233,7 +233,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo digest.Update((byte) 0x5f); digest.BlockUpdate(seedSE, 0, seedSE.Length); - ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length); + ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length); short[] r = new short[2 * n * nbar]; for (int i = 0; i < r.Length; i++) @@ -258,7 +258,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] pkh = new byte[len_pkh_bytes]; digest.BlockUpdate(pk, 0, pk.Length); - ((IXof) digest).DoFinal(pkh, 0, pkh.Length); + ((IXof) digest).OutputFinal(pkh, 0, pkh.Length); //10. sk = (s || seedA || b, S^T, pkh) Array.Copy(Arrays.Concatenate(s, pk), 0, 
@@ -377,13 +377,13 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo // 2. pkh = SHAKE(pk, len_pkh) byte[] pkh = new byte[len_pkh_bytes]; digest.BlockUpdate(pk, 0, len_pk_bytes); - ((IXof) digest).DoFinal(pkh, 0, len_pkh_bytes); + ((IXof) digest).OutputFinal(pkh, 0, len_pkh_bytes); // 3. seedSE || k = SHAKE(pkh || mu, len_seedSE + len_k) (length in bits) byte[] seedSE_k = new byte[len_seedSE + len_k]; digest.BlockUpdate(pkh, 0, len_pkh_bytes); digest.BlockUpdate(mu, 0, len_mu_bytes); - ((IXof) digest).DoFinal(seedSE_k, 0, len_seedSE_bytes + len_k_bytes); + ((IXof) digest).OutputFinal(seedSE_k, 0, len_seedSE_bytes + len_k_bytes); byte[] seedSE = Arrays.CopyOfRange(seedSE_k, 0, len_seedSE_bytes); byte[] k = Arrays.CopyOfRange(seedSE_k, len_seedSE_bytes, len_seedSE_bytes + len_k_bytes); @@ -392,7 +392,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] rbytes = new byte[(2 * mbar * n + mbar * nbar) * len_chi_bytes]; digest.Update((byte) 0x96); digest.BlockUpdate(seedSE, 0, seedSE.Length); - ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length); + ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length); short[] r = new short[rbytes.Length / 2]; for (int i = 0; i < r.Length; i++) @@ -436,7 +436,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo digest.BlockUpdate(c1, 0, c1.Length); digest.BlockUpdate(c2, 0, c2.Length); digest.BlockUpdate(k, 0, len_k_bytes); - ((IXof) digest).DoFinal(ss, 0, len_s_bytes); + ((IXof) digest).OutputFinal(ss, 0, len_s_bytes); } private short[] MatrixSub(short[] X, short[] Y, int n1, int n2) 
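Review bot: `byte[] seedSE_k = new byte[len_seedSE + len_k];` in the FrodoEngine.cs hunk at -377 is sized with the names that lack the `_bytes` suffix, while the `OutputFinal` call and both `Arrays.CopyOfRange` calls below it use `len_seedSE_bytes + len_k_bytes`. If the unsuffixed fields are bit lengths, as the comment "(length in bits)" suggests, the buffer is larger than needed and only its first part is ever written; the decapsulation hunk at -568 already allocates `new byte[len_seedSE_bytes + len_k_bytes]`. Using the same expression here, `byte[] seedSE_k = new byte[len_seedSE_bytes + len_k_bytes];`, keeps the two paths consistent. The enclosing method starts outside the hunk.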
@@ -568,7 +568,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] seedSEprime_kprime = new byte[len_seedSE_bytes + len_k_bytes]; digest.BlockUpdate(pkh, 0, len_pkh_bytes); digest.BlockUpdate(muprime, 0, len_mu_bytes); - ((IXof) digest).DoFinal(seedSEprime_kprime, 0, len_seedSE_bytes + len_k_bytes); + ((IXof) digest).OutputFinal(seedSEprime_kprime, 0, len_seedSE_bytes + len_k_bytes); byte[] kprime = Arrays.CopyOfRange(seedSEprime_kprime, len_seedSE_bytes, len_seedSE_bytes + len_k_bytes); @@ -576,7 +576,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo byte[] rbytes = new byte[(2 * mbar * n + mbar * mbar) * len_chi_bytes]; digest.Update((byte) 0x96); digest.BlockUpdate(seedSEprime_kprime, 0, len_seedSE_bytes); - ((IXof) digest).DoFinal(rbytes, 0, rbytes.Length); + ((IXof) digest).OutputFinal(rbytes, 0, rbytes.Length); short[] r = new short[2 * mbar * n + mbar * nbar]; for (int i = 0; i < r.Length; i++) @@ -620,7 +620,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo digest.BlockUpdate(c1, 0, c1.Length); digest.BlockUpdate(c2, 0, c2.Length); digest.BlockUpdate(kbar, 0, kbar.Length); - ((IXof) digest).DoFinal(ss, 0, len_ss_bytes); + ((IXof) digest).OutputFinal(ss, 0, len_ss_bytes); } } diff --git a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs index 01f1016a7..468e00fbd 100644 --- a/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs +++ b/crypto/src/pqc/crypto/frodo/FrodoMatrixGenerator.cs @@ -46,7 +46,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Frodo // 2. c_{i,0} || c_{i,1} || ... || c_{i,n-1} = SHAKE128(b, 16n) (length in bits) where each c_{i,j} is parsed as a 16-bit integer in little-endian byte order format IXof digest = new ShakeDigest(128); digest.BlockUpdate(b, 0, b.Length); - digest.DoFinal(tmp, 0, tmp.Length); + digest.OutputFinal(tmp, 0, tmp.Length); for (j = 0; j < n; j++) { A[i * n + j] = (short) (Pack.LE_To_UInt16(tmp, 2 * j) % q);//todo add % q 
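Review bot: In the FrodoEngine.cs hunk at -576, `rbytes` is sized with `mbar * mbar` but `r`, which the loop over `r.Length` that follows presumably fills from it, is sized with `mbar * nbar`; the encapsulation hunk at -392 uses `mbar * nbar` for the same buffer. The two sizes agree only when `mbar == nbar`, which this hunk does not show. `byte[] rbytes = new byte[(2 * mbar * n + mbar * nbar) * len_chi_bytes];` would match `r` and the encapsulation path.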
diff --git a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs index 605a27764..0e2a4b54f 100644 --- a/crypto/src/pqc/crypto/picnic/PicnicEngine.cs +++ b/crypto/src/pqc/crypto/picnic/PicnicEngine.cs @@ -1508,7 +1508,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the salt & message */ digest.BlockUpdate(salt, 0, saltSizeBytes); digest.BlockUpdate(message, 0, message.Length); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); /* Convert hash to a packed string of values in {0,1,2} */ int round = 0; @@ -1548,7 +1548,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* We need more bits; hash set hash = H_1(hash) */ digest.Update((byte) 1); digest.BlockUpdate(hash, 0, digestSizeBytes); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); } } @@ -1569,7 +1569,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the seed with H_5, store digest in output */ digest.Update((byte) 5); digest.BlockUpdate(seed, seedOffset, seedSizeBytes); - digest.DoFinal(output, 0, digestSizeBytes); + digest.OutputFinal(output, 0, digestSizeBytes); /* Hash H_5(seed), the view, and the length */ digest.BlockUpdate(output, 0, digestSizeBytes); @@ -1582,7 +1582,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(view.communicatedBits, 0, andSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE((uint)outputBytes), 0, 2); - digest.DoFinal(output, 0, outputBytes); + digest.OutputFinal(output, 0, outputBytes); } private void mpc_LowMC(Tape tapes, View[] views, uint[] plaintext, uint[] slab) @@ -1635,7 +1635,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the seed, store result in `hash` */ digest.Update((byte) 4); digest.BlockUpdate(seed, seedOffset, seedSizeBytes); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); /* Compute H_0(H_4(seed), view) */ digest.Update((byte) 0); 
@@ -1643,7 +1643,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE(view.inputShare), 0, stateSizeBytes); digest.BlockUpdate(view.communicatedBits, 0, andSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE(view.outputShare), 0, stateSizeBytes); - digest.DoFinal(hash, 0, digestSizeBytes); + digest.OutputFinal(hash, 0, digestSizeBytes); } private void mpc_substitution(uint[] state, Tape rand, View[] views) @@ -1747,7 +1747,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic /* Hash the seed and a constant, store the result in tape. */ digest.Update((byte) 2); digest.BlockUpdate(seed, seedOffset, seedSizeBytes); - digest.DoFinal(tape, 0, digestSizeBytes); + digest.OutputFinal(tape, 0, digestSizeBytes); // Console.Error.Write("tape: " + Hex.toHexString(tape)); /* Expand the hashed seed, salt, round and player indices, and output @@ -1757,7 +1757,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE(roundNumber), 0, 2); digest.BlockUpdate(Pack.UInt32_To_LE(playerNumber), 0, 2); digest.BlockUpdate(Pack.UInt32_To_LE((uint)tapeLen), 0, 2); - digest.DoFinal(tape, 0, tapeLen); + digest.OutputFinal(tape, 0, tapeLen); return true; } @@ -1773,7 +1773,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE((uint)stateSizeBits), 0, 2); // Derive the N*T seeds + 1 salt - digest.DoFinal(allSeeds, 0, seedSizeBytes * (numMPCParties * numMPCRounds) + saltSizeBytes); + digest.OutputFinal(allSeeds, 0, seedSizeBytes * (numMPCParties * numMPCRounds) + saltSizeBytes); return allSeeds; } @@ -1963,7 +1963,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic digest.BlockUpdate(Pack.UInt32_To_LE(pubKey), 0, stateSizeBytes); digest.BlockUpdate(Pack.UInt32_To_LE(plaintext), 0, stateSizeBytes); digest.BlockUpdate(message, 0, message.Length); - digest.DoFinal(challengeHash, 0, digestSizeBytes); + digest.OutputFinal(challengeHash, 0, digestSizeBytes); if ((challengeC != null) && (challengeP != null)) { 
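Review bot: The commented-out `// Console.Error.Write("tape: " + Hex.toHexString(tape));` carried as context in the PicnicEngine.cs hunk at -1747 would, if re-enabled, write seed-derived tape bytes to stderr; the Tree.cs hunk at -545 carries a similar `// System.out.println("hash: " + Hex.toHexString(digest_arr));`. Both look like leftover debugging and are best deleted rather than kept next to the hashing calls. In the neighbouring hunk at -1757 the two-byte fields are produced by `Pack.UInt32_To_LE(x)` with a count of 2, which silently drops the upper bytes; `Pack.UInt16_To_LE((ushort)x)`, as the hunk at -2338 already does, states the intent.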
@@ -2041,7 +2041,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.Update((byte) 1);
 digest.BlockUpdate(h, 0, digestSizeBytes);
- digest.DoFinal(h, 0, digestSizeBytes);
+ digest.OutputFinal(h, 0, digestSizeBytes);
 }
 // Note that we always compute h = H(h) after setting C
@@ -2066,7 +2066,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.Update((byte) 1);
 digest.BlockUpdate(h, 0, digestSizeBytes);
- digest.DoFinal(h, 0, digestSizeBytes);
+ digest.OutputFinal(h, 0, digestSizeBytes);
 }
 }
@@ -2077,7 +2077,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.BlockUpdate(C[i], 0, digestSizeBytes);
 }
- digest.DoFinal(digest_arr, 0, digestSizeBytes);
+ digest.OutputFinal(digest_arr, 0, digestSizeBytes);
 }
 private void commit_v(byte[] digest_arr, byte[] input, Msg msg)
@@ -2089,7 +2089,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.BlockUpdate(msg.msgs[i], 0, msgs_size);
 }
- digest.DoFinal(digest_arr, 0, digestSizeBytes);
+ digest.OutputFinal(digest_arr, 0, digestSizeBytes);
 }
 private int SimulateOnline(uint[] maskedKey, Tape tape, uint[] tmp_shares,
@@ -2139,7 +2139,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.BlockUpdate(salt, 0, saltSizeBytes);
 digest.BlockUpdate(Pack.UInt32_To_LE(t), 0, 2);
 digest.BlockUpdate(Pack.UInt32_To_LE(i), 0, 2);
- digest.DoFinal(tape.tapes[i], 0, tapeSizeBytes);
+ digest.OutputFinal(tape.tapes[i], 0, tapeSizeBytes);
 }
 }
@@ -2314,7 +2314,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.BlockUpdate(salt, 0, saltSizeBytes);
 digest.BlockUpdate(Pack.UInt32_To_LE(t), 0, 2);
 digest.BlockUpdate(Pack.UInt32_To_LE(j), 0, 2);
- digest.DoFinal(digest_arr, 0, digestSizeBytes);
+ digest.OutputFinal(digest_arr, 0, digestSizeBytes);
 }
 private void ComputeSaltAndRootSeed(byte[] saltAndRoot, uint[] privateKey, uint[] pubKey, uint[] plaintext, byte[] message)
@@ -2338,7 +2338,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 digest.BlockUpdate(pubkey_bytes, 0, stateSizeBytes);
 digest.BlockUpdate(plaintext_bytes, 0, stateSizeBytes);
 digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (stateSizeBits & 0xffff)), 0, 2);
- digest.DoFinal(saltAndRoot, 0, saltAndRoot.Length);
+ digest.OutputFinal(saltAndRoot, 0, saltAndRoot.Length);
 }
 static bool is_picnic3(int parameters)
diff --git a/crypto/src/pqc/crypto/picnic/Tree.cs b/crypto/src/pqc/crypto/picnic/Tree.cs
index 36efea831..50f844a52 100644
--- a/crypto/src/pqc/crypto/picnic/Tree.cs
+++ b/crypto/src/pqc/crypto/picnic/Tree.cs
@@ -450,7 +450,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 engine.digest.BlockUpdate(salt, 0, PicnicEngine.saltSizeBytes);
 engine.digest.BlockUpdate(Pack.UInt32_To_LE(parent), 0, 2);
- engine.digest.DoFinal(this.nodes[parent], 0, engine.digestSizeBytes);
+ engine.digest.OutputFinal(this.nodes[parent], 0, engine.digestSizeBytes);
 this.haveNode[parent] = true;
 }
@@ -545,7 +545,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Picnic
 engine.digest.BlockUpdate(salt, 0, PicnicEngine.saltSizeBytes);
 engine.digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (repIndex & 0xffff)), 0, 2); //todo check endianness
 engine.digest.BlockUpdate(Pack.UInt16_To_LE((ushort) (nodeIndex & 0xffff)), 0, 2); //todo check endianness
- engine.digest.DoFinal(digest_arr, 0, 2 * engine.seedSizeBytes);
+ engine.digest.OutputFinal(digest_arr, 0, 2 * engine.seedSizeBytes);
 // System.out.println("hash: " + Hex.toHexString(digest_arr));
 }
diff --git a/crypto/src/pqc/crypto/saber/Poly.cs b/crypto/src/pqc/crypto/saber/Poly.cs
index f36b62031..021f1d0e3 100644
--- a/crypto/src/pqc/crypto/saber/Poly.cs
+++ b/crypto/src/pqc/crypto/saber/Poly.cs
@@ -39,7 +39,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber
 IXof digest = new ShakeDigest(128);
 digest.BlockUpdate(seed, 0, engine.getSABER_SEEDBYTES());
- digest.DoFinal(buf, 0, buf.Length);
+ digest.OutputFinal(buf, 0, buf.Length);
 for (i = 0; i < SABER_L; i++)
 {
@@ -53,7 +53,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber
 int i;
 IXof digest = new ShakeDigest(128);
 digest.BlockUpdate(seed, 0, engine.getSABER_NOISE_SEEDBYTES());
- digest.DoFinal(buf, 0, buf.Length);
+ digest.OutputFinal(buf, 0, buf.Length);
 for (i = 0; i < SABER_L; i++)
 {
diff --git a/crypto/src/pqc/crypto/saber/SABEREngine.cs b/crypto/src/pqc/crypto/saber/SABEREngine.cs
index 38efdd8f3..a7c8d3ff9 100644
--- a/crypto/src/pqc/crypto/saber/SABEREngine.cs
+++ b/crypto/src/pqc/crypto/saber/SABEREngine.cs
@@ -204,7 +204,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.Saber
 IXof digest = new ShakeDigest(128);
 digest.BlockUpdate(seed_A, 0, SABER_SEEDBYTES);
- digest.DoFinal(seed_A, 0, SABER_SEEDBYTES);
+ digest.OutputFinal(seed_A, 0, SABER_SEEDBYTES);
 random.NextBytes(seed_s);
diff --git a/crypto/src/pqc/crypto/sike/SIKEEngine.cs b/crypto/src/pqc/crypto/sike/SIKEEngine.cs
index de1ed1ed5..e7b218589 100644
--- a/crypto/src/pqc/crypto/sike/SIKEEngine.cs
+++ b/crypto/src/pqc/crypto/sike/SIKEEngine.cs
@@ -126,7 +126,7 @@ internal class SIKEEngine
 IXof digest = new ShakeDigest(256);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk, 0, (int) param.SECRETKEY_B_BYTES);
+ digest.OutputFinal(ephemeralsk, 0, (int) param.SECRETKEY_B_BYTES);
 sidhCompressed.FormatPrivKey_B(ephemeralsk);
@@ -144,7 +144,7 @@ internal class SIKEEngine
 // System.out.println("jinv: " + Hex.toHexstring(jinvariant));
 digest.BlockUpdate(jinvariant, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h, 0, (int) param.MSG_BYTES);
 // System.out.println("h: " + Hex.toHexstring(h));
 // System.out.println("temp: " + Hex.toHexstring(temp));
@@ -158,7 +158,7 @@ internal class SIKEEngine
 System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
 return 0;
 }
 else
@@ -174,7 +174,7 @@ internal class SIKEEngine
 IXof digest = new ShakeDigest(256);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk, 0, (int) param.SECRETKEY_A_BYTES);
+ digest.OutputFinal(ephemeralsk, 0, (int) param.SECRETKEY_A_BYTES);
 ephemeralsk[param.SECRETKEY_A_BYTES - 1] &= (byte) param.MASK_ALICE;
 // Encrypt
@@ -182,7 +182,7 @@ internal class SIKEEngine
 sidh.EphemeralSecretAgreement_A(ephemeralsk, pk, jinvariant);
 digest.BlockUpdate(jinvariant, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h, 0, (int) param.MSG_BYTES);
 for (int i = 0; i < param.MSG_BYTES; i++)
 {
@@ -193,7 +193,7 @@ internal class SIKEEngine
 System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
 return 0;
 }
@@ -218,7 +218,7 @@ internal class SIKEEngine
 IXof digest = new ShakeDigest(256);
 digest.BlockUpdate(jinvariant_, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h_, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h_, 0, (int) param.MSG_BYTES);
 // System.out.println("h_: " + Hex.toHexstring(h_));
@@ -231,7 +231,7 @@ internal class SIKEEngine
 System.Array.Copy(sk, param.MSG_BYTES + param.SECRETKEY_A_BYTES, temp, param.MSG_BYTES, param.CRYPTO_PUBLICKEYBYTES);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk_, 0, (int) param.SECRETKEY_B_BYTES);
+ digest.OutputFinal(ephemeralsk_, 0, (int) param.SECRETKEY_B_BYTES);
 sidhCompressed.FormatPrivKey_B(ephemeralsk_);
 // Generate shared secret ss <- H(m||ct), or output ss <- H(s||ct) in case of ct verification failure
@@ -242,7 +242,7 @@ internal class SIKEEngine
 System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
 return 0;
 }
@@ -260,7 +260,7 @@ internal class SIKEEngine
 IXof digest = new ShakeDigest(256);
 digest.BlockUpdate(jinvariant_, 0, (int) param.FP2_ENCODED_BYTES);
- digest.DoFinal(h_, 0, (int) param.MSG_BYTES);
+ digest.OutputFinal(h_, 0, (int) param.MSG_BYTES);
 for (int i = 0; i < param.MSG_BYTES; i++)
 {
 temp[i] = (byte) (ct[i + param.CRYPTO_PUBLICKEYBYTES] ^ h_[i]);
@@ -270,7 +270,7 @@ internal class SIKEEngine
 System.Array.Copy(sk, param.MSG_BYTES + param.SECRETKEY_B_BYTES, temp, param.MSG_BYTES, param.CRYPTO_PUBLICKEYBYTES);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_PUBLICKEYBYTES + param.MSG_BYTES));
- digest.DoFinal(ephemeralsk_, 0, (int) param.SECRETKEY_A_BYTES);
+ digest.OutputFinal(ephemeralsk_, 0, (int) param.SECRETKEY_A_BYTES);
 ephemeralsk_[param.SECRETKEY_A_BYTES - 1] &= (byte) param.MASK_ALICE;
@@ -283,7 +283,7 @@ internal class SIKEEngine
 System.Array.Copy(ct, 0, temp, param.MSG_BYTES, param.CRYPTO_CIPHERTEXTBYTES);
 digest.BlockUpdate(temp, 0, (int) (param.CRYPTO_CIPHERTEXTBYTES + param.MSG_BYTES));
- digest.DoFinal(ss, 0, (int) param.CRYPTO_BYTES);
+ digest.OutputFinal(ss, 0, (int) param.CRYPTO_BYTES);
 return 0;
 }
diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs
index 86c2f8fbb..f55a87778 100644
--- a/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/HarakaSXof.cs
@@ -11,7 +11,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 {
 byte[] buf = new byte[640];
 BlockUpdate(pkSeed, 0, pkSeed.Length);
- DoFinal(buf, 0, buf.Length);
+ OutputFinal(buf, 0, buf.Length);
 haraka512_rc = new ulong[10][];
 haraka256_rc = new uint[10][];
 for (int i = 0; i < 10; ++i)
@@ -51,7 +51,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 }
 }
- public int DoFinal(byte[] output, int outOff, int len)
+ public int OutputFinal(byte[] output, int outOff, int len)
 {
 int outLen = len;
diff --git a/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs b/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs
index a625cb32d..35d7c883e 100644
--- a/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/HarakaS_X86.cs
@@ -114,7 +114,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 return OutputFinal(output[..32]);
 }
- public int DoOutput(byte[] output, int outOff, int outLen)
+ public int Output(byte[] output, int outOff, int outLen)
 {
 return Output(output.AsSpan(outOff, outLen));
 }
@@ -157,7 +157,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 return result;
 }
- public int DoFinal(byte[] output, int outOff, int outLen)
+ public int OutputFinal(byte[] output, int outOff, int outLen)
 {
 return OutputFinal(output.AsSpan(outOff, outLen));
 }
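Review bot: After the rename, `Output(byte[] output, int outOff, int outLen)` and `OutputFinal(byte[] output, int outOff, int outLen)` in the two HarakaS_X86.cs hunks differ only by the `Final` suffix, and neither carries a doc comment saying which call keeps the state open for further squeezing and which one ends the output. Callers in this commit depend on that difference: the CSHAKETest hunk at line 133 expects a second `Output` call to return different bytes, and SIKEEngine reuses one `ShakeDigest` across several `OutputFinal` calls with fresh input in between. I would add a one-line `///` summary to each overload, along the lines of `/// Writes outLen bytes and leaves the state open for further Output calls.` and `/// Writes the final outLen bytes; the instance is then ready for new input.` The second wording is presumed from the test hunks and should be confirmed against the span overloads, which lie outside these hunks.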
diff --git a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
index 86e93383c..3c295c3bd 100644
--- a/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
+++ b/crypto/src/pqc/crypto/sphincsplus/SPHINCSPlusEngine.cs
@@ -372,7 +372,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
 treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
 treeDigest.BlockUpdate(mTheta, 0, mTheta.Length);
- treeDigest.DoFinal(rv, 0, rv.Length);
+ treeDigest.OutputFinal(rv, 0, rv.Length);
 return rv;
 }
@@ -395,7 +395,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 treeDigest.BlockUpdate(m2, 0, m2.Length);
 }
- treeDigest.DoFinal(rv, 0, rv.Length);
+ treeDigest.OutputFinal(rv, 0, rv.Length);
 return rv;
 }
@@ -414,7 +414,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
 treeDigest.BlockUpdate(pkRoot, 0, pkRoot.Length);
 treeDigest.BlockUpdate(message, 0, message.Length);
- treeDigest.DoFinal(output, 0, output.Length);
+ treeDigest.OutputFinal(output, 0, output.Length);
 // tree index
 // currently, only indexes up to 64 bits are supported
@@ -440,7 +440,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
 treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
 treeDigest.BlockUpdate(mTheta, 0, mTheta.Length);
- treeDigest.DoFinal(rv, 0, rv.Length);
+ treeDigest.OutputFinal(rv, 0, rv.Length);
 return rv;
 }
@@ -450,7 +450,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 treeDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
 treeDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
 treeDigest.BlockUpdate(skSeed, 0, skSeed.Length);
- treeDigest.DoFinal(prf, prfOff, N);
+ treeDigest.OutputFinal(prf, prfOff, N);
 }
 public override byte[] PRF_msg(byte[] prf, byte[] randomiser, byte[] message)
@@ -459,7 +459,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 treeDigest.BlockUpdate(randomiser, 0, randomiser.Length);
 treeDigest.BlockUpdate(message, 0, message.Length);
 byte[] output = new byte[N];
- treeDigest.DoFinal(output, 0, output.Length);
+ treeDigest.OutputFinal(output, 0, output.Length);
 return output;
 }
@@ -469,8 +469,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
 maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
-
- maskDigest.DoFinal(mask, 0, mask.Length);
+ maskDigest.OutputFinal(mask, 0, mask.Length);
 for (int i = 0; i < m.Length; ++i)
 {
@@ -486,8 +485,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 maskDigest.BlockUpdate(pkSeed, 0, pkSeed.Length);
 maskDigest.BlockUpdate(adrs.value, 0, adrs.value.Length);
-
- maskDigest.DoFinal(mask, 0, mask.Length);
+ maskDigest.OutputFinal(mask, 0, mask.Length);
 for (int i = 0; i < m1.Length; ++i)
 {
@@ -555,7 +553,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 m = Bitmask(adrs, m);
 harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
 harakaSXof.BlockUpdate(m, 0, m.Length);
- harakaSXof.DoFinal(rv, 0, rv.Length);
+ harakaSXof.OutputFinal(rv, 0, rv.Length);
 return rv;
 }
@@ -571,7 +569,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 harakaSXof.BlockUpdate(prf, 0, prf.Length);
 harakaSXof.BlockUpdate(pkRoot, 0, pkRoot.Length);
 harakaSXof.BlockUpdate(message, 0, message.Length);
- harakaSXof.DoFinal(output, 0, output.Length);
+ harakaSXof.OutputFinal(output, 0, output.Length);
 // tree index
 // currently, only indexes up to 64 bits are supported
@@ -590,7 +588,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 m = Bitmask(adrs, m);
 harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
 harakaSXof.BlockUpdate(m, 0, m.Length);
- harakaSXof.DoFinal(rv, 0, rv.Length);
+ harakaSXof.OutputFinal(rv, 0, rv.Length);
 return rv;
 }
@@ -609,7 +607,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 harakaSXof.BlockUpdate(prf, 0, prf.Length);
 harakaSXof.BlockUpdate(randomiser, 0, randomiser.Length);
 harakaSXof.BlockUpdate(message, 0, message.Length);
- harakaSXof.DoFinal(rv, 0, rv.Length);
+ harakaSXof.OutputFinal(rv, 0, rv.Length);
 return rv;
 }
@@ -619,7 +617,7 @@ namespace Org.BouncyCastle.Pqc.Crypto.SphincsPlus
 {
 byte[] mask = new byte[m.Length];
 harakaSXof.BlockUpdate(adrs.value, 0, adrs.value.Length);
- harakaSXof.DoFinal(mask, 0, mask.Length);
+ harakaSXof.OutputFinal(mask, 0, mask.Length);
 for (int i = 0; i < m.Length; ++i)
 {
 m[i] ^= mask[i];
diff --git a/crypto/test/src/crypto/test/Blake2xsDigestTest.cs b/crypto/test/src/crypto/test/Blake2xsDigestTest.cs
index 3cea10a38..0a8e9c1fa 100644
--- a/crypto/test/src/crypto/test/Blake2xsDigestTest.cs
+++ b/crypto/test/src/crypto/test/Blake2xsDigestTest.cs
@@ -2609,7 +2609,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 h.BlockUpdate(input, 0, input.Length);
 Blake2xsDigest clone = new Blake2xsDigest(h);
- h.DoOutput(output, outOff, digestSize);
+ h.Output(output, outOff, digestSize);
 if (!AreEqual(output, outOff, outOff + digestSize, expected, 0, digestSize))
 {
 Fail("BLAKE2xs mismatch on test vector after a reset", XofTestVectors[i, 2],
@@ -2617,7 +2617,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 }
 byte[] outClone = new byte[digestSize];
- clone.DoFinal(outClone, 0, outClone.Length);
+ clone.OutputFinal(outClone, 0, outClone.Length);
 if (!AreEqual(outClone, expected))
 {
 Fail("BLAKE2xs mismatch on test vector against a clone", XofTestVectors[i, 2],
@@ -2646,7 +2646,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 try
 {
- h.DoFinal(output, 0, output.Length);
+ h.OutputFinal(output, 0, output.Length);
 Fail("no exception");
 }
 catch (ArgumentException e)
@@ -2654,7 +2654,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 IsEquals("Output length is above the digest length", e.Message);
 }
- h.DoFinal(output, 0, 1);
+ h.OutputFinal(output, 0, 1);
 }
 //private void TestBlake2xsUnknownLength()
diff --git a/crypto/test/src/crypto/test/Blake3Test.cs b/crypto/test/src/crypto/test/Blake3Test.cs
index 648663ac7..d563a86c8 100644
--- a/crypto/test/src/crypto/test/Blake3Test.cs
+++ b/crypto/test/src/crypto/test/Blake3Test.cs
@@ -395,7 +395,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] myAlt = new byte[myLen];
 /* Perform standard output */
- pDigest.DoOutput(pBuffer, 0, myLen);
+ pDigest.Output(pBuffer, 0, myLen);
 pDigest.Reset(mySave);
 /* Loop creating output 5 bytes at a time */
@@ -403,7 +403,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 {
 /* Output bytes */
 int myRead = System.Math.Min(PARTOUT, myLen - i);
- pDigest.DoOutput(myAlt, i, myRead);
+ pDigest.Output(myAlt, i, myRead);
 /* Around halfway through */
 if (i == PARTBREAK)
diff --git a/crypto/test/src/crypto/test/CSHAKETest.cs b/crypto/test/src/crypto/test/CSHAKETest.cs
index 581832aaf..fa362e21b 100644
--- a/crypto/test/src/crypto/test/CSHAKETest.cs
+++ b/crypto/test/src/crypto/test/CSHAKETest.cs
@@ -26,7 +26,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res = new byte[32];
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("c1c36925b6409a04f1b504fcbca9d82b4017277cb5ed2b2065fc1d3814d5aaf5"), res));
@@ -49,7 +49,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[32];
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("C5221D50E4F822D96A2E8881A961420F294B7B24FE3D2094BAED2C6524CC166B "), res));
@@ -59,7 +59,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[64];
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode( "D008828E2B80AC9D2218FFEE1D070C48" +
@@ -86,7 +86,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[64];
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode( "07DC27B11E51FBAC75BC7B3C1D983E8B" +
@@ -113,15 +113,15 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] buf = new byte[20];
 CShakeDigest cshake1 = new CShakeDigest(256, new byte[0], new byte[265]);
- cshake1.DoOutput(buf, 0, buf.Length);
+ cshake1.Output(buf, 0, buf.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("6e393540387004f087c4180db008acf6825190cf"), buf));
 CShakeDigest cshake2 = new CShakeDigest(128, new byte[0], new byte[329]);
- cshake2.DoOutput(buf, 0, buf.Length);
+ cshake2.Output(buf, 0, buf.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("309bd7c285fcf8b839c9686b2cc00bd578947bee"), buf));
 cshake2 = new CShakeDigest(128, new byte[29], new byte[300]);
- cshake2.DoOutput(buf, 0, buf.Length);
+ cshake2.Output(buf, 0, buf.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("ff6aafd83b8d22fc3e2e9b9948b581967ed9c5e7"), buf));
 }
@@ -133,19 +133,19 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res = new byte[32];
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("c1c36925b6409a04f1b504fcbca9d82b4017277cb5ed2b2065fc1d3814d5aaf5"), res));
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(!Arrays.AreEqual(Hex.Decode("c1c36925b6409a04f1b504fcbca9d82b4017277cb5ed2b2065fc1d3814d5aaf5"), res));
- cshake.DoFinal(res, 0, res.Length);
+ cshake.OutputFinal(res, 0, res.Length);
 cshake.BlockUpdate(Hex.Decode("00010203"), 0, 4);
- cshake.DoFinal(res, 0, res.Length);
+ cshake.OutputFinal(res, 0, res.Length);
 string s = Hex.ToHexString(res);
@@ -155,11 +155,11 @@ namespace Org.BouncyCastle.Crypto.Tests
 cshake.BlockUpdate(Hex.Decode("00010203"), 0, 4);
- cshake.DoOutput(res, 0, res.Length);
+ cshake.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("c1c36925b6409a04f1b504fcbca9d82b4017277cb5ed2b2065fc1d3814d5aaf5"), res));
- cshake.DoFinal(res, 0, res.Length);
+ cshake.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("9cbce830079c452abdeb875366a49ebfe75b89ef17396e34898e904830b0e136"), res));
 }
@@ -181,14 +181,14 @@ namespace Org.BouncyCastle.Crypto.Tests
 cshake_.BlockUpdate(hex0123, 0, 4);
- cshake_.DoFinal(res, 0, 16);
+ cshake_.OutputFinal(res, 0, 16);
 }
 CShakeDigest cshake = new CShakeDigest(256, new byte[0], new byte[200]);
 cshake.BlockUpdate(data, 0, 200);
- cshake.DoFinal(res, 0, 32);
+ cshake.OutputFinal(res, 0, 32);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("4a899b5be460d85a9789215bc17f88b8f8ac049bd3b519f561e7b5d3870dafa3"), res));
 }
@@ -204,8 +204,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res1 = new byte[32];
 byte[] res2 = new byte[32];
- ref_.DoFinal(res1, 0, res1.Length);
- cshake.DoFinal(res2, 0, res2.Length);
+ ref_.OutputFinal(res1, 0, res1.Length);
+ cshake.OutputFinal(res2, 0, res2.Length);
 Assert.IsTrue(Arrays.AreEqual(res1, res2));
 }
diff --git a/crypto/test/src/crypto/test/KMACTest.cs b/crypto/test/src/crypto/test/KMACTest.cs
index b726f37bf..9a67b5a69 100644
--- a/crypto/test/src/crypto/test/KMACTest.cs
+++ b/crypto/test/src/crypto/test/KMACTest.cs
@@ -33,7 +33,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res = new byte[32];
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue( Arrays.AreEqual(Hex.Decode("E5780B0D3EA6F7D3A429C5706AA43A00FADBD7D49628839E3187243F456EE14E"), res), "oops: " + Hex.ToHexString(res));
@@ -46,7 +46,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[32];
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue( Arrays.AreEqual(Hex.Decode("3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5"), res), "oops: " + Hex.ToHexString(res));
@@ -67,7 +67,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[32];
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230"), res), "oops:" + Hex.ToHexString(res));
@@ -82,7 +82,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[64];
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC3DE9D104A351689F27CF6F5951F0103F33F4F24871024D9C27773A8DD"), res), "oops:" + Hex.ToHexString(res));
@@ -103,7 +103,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[64];
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69"), res), "oops:" + Hex.ToHexString(res));
@@ -124,7 +124,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[64];
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("B58618F71F92E1D56C1B8C55DDD7CD188B97B4CA4D99831EB2699A837DA2E4D970FBACFDE50033AEA585F1A2708510C32D07880801BD182898FE476876FC8965"), res), "oops:" + Hex.ToHexString(res));
@@ -151,29 +151,29 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res = new byte[32];
- kmac.DoOutput(res, 0, res.Length);
+ kmac.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("31a44527b4ed9f5c6101d11de6d26f0620aa5c341def41299657fe9df1a3b16c"), res), Hex.ToHexString(res));
- kmac.DoOutput(res, 0, res.Length);
+ kmac.Output(res, 0, res.Length);
 Assert.IsTrue(!Arrays.AreEqual(Hex.Decode("31a44527b4ed9f5c6101d11de6d26f0620aa5c341def41299657fe9df1a3b16c"), res));
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 kmac.BlockUpdate(Hex.Decode("00010203"), 0, 4);
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5"), res));
 kmac.BlockUpdate(Hex.Decode("00010203"), 0, 4);
- kmac.DoOutput(res, 0, res.Length);
+ kmac.Output(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("31a44527b4ed9f5c6101d11de6d26f0620aa5c341def41299657fe9df1a3b16c"), res));
- kmac.DoFinal(res, 0, res.Length);
+ kmac.OutputFinal(res, 0, res.Length);
 Assert.IsTrue(Arrays.AreEqual(Hex.Decode("ffcb48c7620ccd67d1c83224186892cef2f2a99278d5cfdde10e48bdc89718c2"), res), Hex.ToHexString(res));
 }
@@ -218,14 +218,14 @@ namespace Org.BouncyCastle.Crypto.Tests
 KMac k128 = new KMac(128, new byte[0]);
 k128.Init(new KeyParameter(new byte[163]));
 k128.BlockUpdate(data, 0, data.Length);
- k128.DoOutput(out_, 0, out_.Length);
+ k128.Output(out_, 0, out_.Length);
 Assert.IsTrue( Arrays.AreEqual(out_, Hex.Decode("6e6ab56468c7445f81c679f89f45c90a95a9c01afbaab5f7065b7e2e96f7d2bb")),"128 failed");
 KMac k256 = new KMac(256, new byte[0]);
 k256.Init(new KeyParameter(new byte[131]));
 k256.BlockUpdate(data, 0, data.Length);
- k256.DoOutput(out_, 0, out_.Length);
+ k256.Output(out_, 0, out_.Length);
 Assert.IsTrue(Arrays.AreEqual(out_, Hex.Decode("f6302d4f854b4872e811b37993b6bfe027258089b6a9fbb26a755b1ebfc0d830")), "256 failed");
 }
@@ -243,8 +243,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res1 = new byte[32];
 byte[] res2 = new byte[32];
- ref_.DoFinal(res1, 0, res1.Length);
- kmac.DoFinal(res2, 0, res2.Length);
+ ref_.OutputFinal(res1, 0, res1.Length);
+ kmac.OutputFinal(res2, 0, res2.Length);
 Assert.IsTrue(Arrays.AreEqual(res1, res2));
 }
diff --git a/crypto/test/src/crypto/test/ParallelHashTest.cs b/crypto/test/src/crypto/test/ParallelHashTest.cs
index e37516366..b7c4de1a1 100644
--- a/crypto/test/src/crypto/test/ParallelHashTest.cs
+++ b/crypto/test/src/crypto/test/ParallelHashTest.cs
@@ -101,7 +101,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[32];
- pHash.DoOutput(res, 0, res.Length);
+ pHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("F7 FD 53 12 89 6C 66 85 C8 28 AF 7E 2A DB 97 E3 93 E7 F8 D5 4E 3C 2E A4 B9 5E 5A CA 37 96 E8 FC"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("0127ad9772ab904691987fcc4a24888f341fa0db2145e872d4efd255376602f0"), res));
@@ -113,7 +113,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 res = new byte[64];
- pHash.DoOutput(res, 0, res.Length);
+ pHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("69 D0 FC B7 64 EA 05 5D D0 93 34 BC 60 21 CB 7E 4B 61 34 8D FF 37 5D A2 62 67 1C DE C3 EF FA 8D 1B 45 68 A6 CC E1 6B 1C AD 94 6D DD E2 7F 6C E2 B8 DE E4 CD 1B 24 85 1E BF 00 EB 90 D4 38 13 E9"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("6b3e790b330c889a204c2fbc728d809f19367328d852f4002dc829f73afd6bcefb7fe5b607b13a801c0be5c1170bdb794e339458fdb0e62a6af3d42558970249"), res));
@@ -134,7 +134,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 byte[] res = new byte[16 / 8];
- pHash.DoOutput(res, 0, res.Length);
+ pHash.Output(res, 0, res.Length);
 IsTrue(Arrays.AreEqual(Hex.Decode("13C4"), res));
 }
diff --git a/crypto/test/src/crypto/test/ShakeDigestTest.cs b/crypto/test/src/crypto/test/ShakeDigestTest.cs
index 0aeedb256..dd160fcbd 100644
--- a/crypto/test/src/crypto/test/ShakeDigestTest.cs
+++ b/crypto/test/src/crypto/test/ShakeDigestTest.cs
@@ -26,9 +26,9 @@ namespace Org.BouncyCastle.Crypto.Tests
 {
 }
- internal int MyDoFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits)
+ internal int MyOutputFinal(byte[] output, int outOff, int outLen, byte partialByte, int partialBits)
 {
- return DoFinal(output, outOff, outLen, partialByte, partialBits);
+ return OutputFinal(output, outOff, outLen, partialByte, partialBits);
 }
 }
@@ -187,12 +187,12 @@ namespace Org.BouncyCastle.Crypto.Tests
 if (partialBits == 0)
 {
 d.BlockUpdate(m, 0, m.Length);
- d.DoFinal(output, 0, outLen);
+ d.OutputFinal(output, 0, outLen);
 }
 else
 {
 d.BlockUpdate(m, 0, m.Length - 1);
- d.MyDoFinal(output, 0, outLen, m[m.Length - 1], partialBits);
+ d.MyOutputFinal(output, 0, outLen, m[m.Length - 1], partialBits);
 }
 if (!Arrays.AreEqual(expected, output))
@@ -209,8 +209,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 m = v.Message;
 d.BlockUpdate(m, 0, m.Length);
- d.DoOutput(output, 0, outLen / 2);
- d.DoOutput(output, outLen / 2, output.Length - outLen / 2);
+ d.Output(output, 0, outLen / 2);
+ d.Output(output, outLen / 2, output.Length - outLen / 2);
 if (!Arrays.AreEqual(expected, output))
 {
@@ -235,8 +235,8 @@ namespace Org.BouncyCastle.Crypto.Tests
 m = v.Message;
 d.BlockUpdate(m, 0, m.Length);
- d.DoOutput(output, 0, outLen / 2);
- d.DoFinal(output, outLen / 2, output.Length - outLen / 2);
+ d.Output(output, 0, outLen / 2);
+ d.OutputFinal(output, outLen / 2, output.Length - outLen / 2);
 if (!Arrays.AreEqual(expected, output))
 {
diff --git a/crypto/test/src/crypto/test/TupleHashTest.cs b/crypto/test/src/crypto/test/TupleHashTest.cs
index 918fcbea4..8eaa97e5c 100644
--- a/crypto/test/src/crypto/test/TupleHashTest.cs
+++ b/crypto/test/src/crypto/test/TupleHashTest.cs
@@ -88,7 +88,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9);
 res = new byte[32];
- tHash.DoOutput(res, 0, res.Length);
+ tHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("E6 0F 20 2C 89 A2 63 1E DA 8D 4C 58 8C A5 FD 07 F3 9E 51 51 99 8D EC CF 97 3A DB 38 04 BB 6E 84"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("900fe16cad098d28e74d632ed852f99daab7f7df4d99e775657885b4bf76d6f8"), res));
@@ -100,7 +100,7 @@ namespace Org.BouncyCastle.Crypto.Tests
 tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9);
 res = new byte[64];
- tHash.DoOutput(res, 0, res.Length);
+ tHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("45 00 0B E6 3F 9B 6B FD 89 F5 47 17 67 0F 69 A9 BC 76 35 91 A4 F0 5C 50 D6 88 91 A7 44 BC C6 E7 D6 D5 B5 E8 2C 01 8D A9 99 ED 35 B0 BB 49 C9 67 8E 52 6A BD 8E 85 C1 3E D2 54 02 1D B9 E7 90 CE"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("0c59b11464f2336c34663ed51b2b950bec743610856f36c28d1d088d8a2446284dd09830a6a178dc752376199fae935d86cfdee5913d4922dfd369b66a53c897"), res));
diff --git a/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs b/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs
index 40d28cc97..2cfc57016 100644
--- a/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs
+++ b/crypto/test/src/math/ec/rfc8032/test/Ed448Test.cs
@@ -81,7 +81,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests
 IXof prehash = Ed448.CreatePrehash();
 prehash.BlockUpdate(m, 0, mLen);
- prehash.DoFinal(ph, 0, ph.Length);
+ prehash.OutputFinal(ph, 0, ph.Length);
 Ed448.SignPrehash(sk, 0, ctx, ph, 0, sig1, 0);
 Ed448.SignPrehash(sk, 0, pk, 0, ctx, ph, 0, sig2, 0);
@@ -607,7 +607,7 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032.Tests
 prehash.BlockUpdate(m, 0, m.Length);
 byte[] ph = new byte[Ed448.PrehashSize];
- prehash.DoFinal(ph, 0, ph.Length);
+ prehash.OutputFinal(ph, 0, ph.Length);
 Ed448.SignPrehash(sk, 0, ctx, ph, 0, sigGen, 0);
 Assert.IsTrue(Arrays.AreEqual(sig, sigGen), text);
diff --git a/crypto/test/src/test/ParallelHashTest.cs b/crypto/test/src/test/ParallelHashTest.cs
index 2c8cac637..afb6ccfe0 100644
--- a/crypto/test/src/test/ParallelHashTest.cs
+++ b/crypto/test/src/test/ParallelHashTest.cs
@@ -102,7 +102,7 @@ public class ParallelHashTest
 res = new byte[32];
- pHash.DoOutput(res, 0, res.Length);
+ pHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("F7 FD 53 12 89 6C 66 85 C8 28 AF 7E 2A DB 97 E3 93 E7 F8 D5 4E 3C 2E A4 B9 5E 5A CA 37 96 E8 FC"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("0127ad9772ab904691987fcc4a24888f341fa0db2145e872d4efd255376602f0"), res));
@@ -114,7 +114,7 @@ public class ParallelHashTest
 res = new byte[64];
- pHash.DoOutput(res, 0, res.Length);
+ pHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("69 D0 FC B7 64 EA 05 5D D0 93 34 BC 60 21 CB 7E 4B 61 34 8D FF 37 5D A2 62 67 1C DE C3 EF FA 8D 1B 45 68 A6 CC E1 6B 1C AD 94 6D DD E2 7F 6C E2 B8 DE E4 CD 1B 24 85 1E BF 00 EB 90 D4 38 13 E9"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("6b3e790b330c889a204c2fbc728d809f19367328d852f4002dc829f73afd6bcefb7fe5b607b13a801c0be5c1170bdb794e339458fdb0e62a6af3d42558970249"), res));
@@ -132,7 +132,7 @@ public class ParallelHashTest
 byte[] res = new byte[16 / 8];
- pHash.DoOutput(res, 0, res.Length);
+ pHash.Output(res, 0, res.Length);
 IsTrue(Arrays.AreEqual(Hex.Decode("13C4"), res));
 }
diff --git a/crypto/test/src/test/TupleHashTest.cs b/crypto/test/src/test/TupleHashTest.cs
index 4d92ee7fe..deb8f72cf 100644
--- a/crypto/test/src/test/TupleHashTest.cs
+++ b/crypto/test/src/test/TupleHashTest.cs
@@ -87,7 +87,7 @@ public class TupleHashTest
 tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9);
 res = new byte[32];
- tHash.DoOutput(res, 0, res.Length);
+ tHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("E6 0F 20 2C 89 A2 63 1E DA 8D 4C 58 8C A5 FD 07 F3 9E 51 51 99 8D EC CF 97 3A DB 38 04 BB 6E 84"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("900fe16cad098d28e74d632ed852f99daab7f7df4d99e775657885b4bf76d6f8"), res));
@@ -99,7 +99,7 @@ public class TupleHashTest
 tHash.BlockUpdate(Hex.Decode("202122232425262728"), 0, 9);
 res = new byte[64];
- tHash.DoOutput(res, 0, res.Length);
+ tHash.Output(res, 0, res.Length);
 IsTrue("oops!", !Arrays.AreEqual(Hex.Decode("45 00 0B E6 3F 9B 6B FD 89 F5 47 17 67 0F 69 A9 BC 76 35 91 A4 F0 5C 50 D6 88 91 A7 44 BC C6 E7 D6 D5 B5 E8 2C 01 8D A9 99 ED 35 B0 BB 49 C9 67 8E 52 6A BD 8E 85 C1 3E D2 54 02 1D B9 E7 90 CE"), res));
 IsTrue("oops!", Arrays.AreEqual(Hex.Decode("0c59b11464f2336c34663ed51b2b950bec743610856f36c28d1d088d8a2446284dd09830a6a178dc752376199fae935d86cfdee5913d4922dfd369b66a53c897"), res));
-- cgit 1.4.1